Authorities name North Korea hacker group, warn of attacks on Japanese crypto assets
20:00 JST, October 15, 2022
The North Korean hacker group Lazarus has conducted cyber-attacks targeting Japanese crypto asset companies, according to the National Police Agency.
It is unusual to name a suspected attacker before taking such actions as an arrest, but in this case, authorities have adopted a method called “public attribution,” using it in Japan for the fifth time.
Although perpetrators who carry out cyber-attacks from overseas are rarely identified, the country involved can by determined through the analysis of viruses and other investigative methods. Recently, the Japanese government has focused on public attribution, in which the name of the main attacker, its purpose, methods and other information are made public, because it is regarded as an effective tool to deter attacks.
According to a senior NPA official, Lazarus sent phishing emails to employees of target companies, pretending to be executives of cryptocurrency companies, and communicated with them via social media to infect their computers with malware.
Some of the companies had their internal systems hacked and cryptocurrency stolen. After receiving reports of damage, regional police across the nation investigated the cases together with the NPA’s special investigation unit on cyber-attacks, which was established in April this year. Their investigation led to identifying Lazarus as the perpetrator.
Lazarus has close ties to North Korea’s reconnaissance general bureau, which is its foreign intelligence agency, and is believed to have been involved in a WannaCry ransomware attack in 2017 targeting banks and other institutions around the word. In April this year, the U.S. Federal Bureau of Investigation blamed Lazarus and other hackers for the theft of cryptocurrency worth about ¥78 billion.
The NPA has not disclosed individual domestic cases linked to Lazarus. According to sources, Lazarus is believed to have been involved in the theft of about ¥6.7 billion in Bitcoin and other cryptocurrency from the Zaif crypto exchange in 2018, as well as a case in which Ripple and other cryptocurrency worth about ¥3.5 billion disappeared from Bitpoint Japan in 2019.
On Friday, the NPA jointly released an alert with the Financial Services Agency and the National Center of Incident Readiness and Strategy for Cybersecurity, saying it was highly likely that Japanese businesses have been targeted by Lazarus for several years. As a countermeasure, the authorities urge people not to open email attachments carelessly.
“Lazarus initially targeted banks in various countries, but recently it has been aiming at crypto assets that are managed more loosely,” said Katsuyuki Okamoto, 56, of the information security firm Trend Micro Inc. “It’s important to engage in public attribution, as it will raise public awareness of the perpetrator’s tactics and prompt people to take measures.”
"Politics" POPULAR ARTICLE
-
Ishiba Favored by Older Voters, Koizumi by Young in LDP Presidential Race, Says Poll
-
Japan’s LDP Presidential Candidates Time Announcements of Runs; Better to Gain Attention Now or Quietly Build Support?
-
Japanese Government Tells Australia of Willingness to Cooperate in Building Warships; New Model Based on Mogami-Class Frigate
-
Japan’s Ishiba Announces Final Bid for LDP President; Ishiba Vows to Establish LDP that Will ‘Abide by the Rules’
-
LDP Koizumi to Announce Presidential Bid Sept. 6
JN ACCESS RANKING
- Philippines Steps Up Defense of Northernmost Province with Eye on Possible Contingency Involving Taiwan
- Typhoon Shanshan Forms, Slowly Moves Toward Japan; Govt Says Typhoon No. 10 Likely to Approach Japan Next Week
- Tokyo Companies Prepare for Ashfall From Mt. Fuji Eruption; Disposal Of Ash, Possibly at Sea, A Major Challenge
- Shizuoka Pref. City Offers Foreigners Free Japanese Language Classes; Aims to Raise Non-Natives to Daily Conversation Level
- Typhoon No. 10 Forecast to Develop; Move into Pacific Ocean South of Japan on Aug. 26