North Korean hacking group Lazarus Group stole US$3 billion in 6 years

Crypto News 2024-04-22 12:08:32

Author: 碳链价值 (Carbon Chain Value)

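According to a report recently published by the cybersecurity firm Recorded Future, the North Korea-linked hacking group Lazarus Group has stolen US$3 billion in cryptocurrency over the past 6 years.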

The report says that in 2022 alone, Lazarus Group plundered US$1.7 billion in cryptocurrency, very likely to fund North Korean projects.

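The blockchain analytics firm Chainalysis said that US$1.1 billion of that was stolen from DeFi platforms. A report released in September by the US Department of Homeland Security, as part of its Analytic Exchange Program (AEP), also highlighted Lazarus's exploitation of DeFi protocols.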

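Lazarus Group's specialty is the theft of funds. In 2016, they breached the central bank of Bangladesh and stole US$81 million. In 2018, they attacked the Japanese cryptocurrency exchange Coincheck and stole US$530 million, and attacked the central bank of Malaysia, stealing US$390 million.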

碳链价值 has condensed the key parts of the report for readers' reference:

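Since 2017, North Korea has targeted the crypto industry with cyberattacks, stealing cryptocurrency worth more than US$3 billion in total. Before that, North Korea had hijacked the SWIFT network and stolen funds moving between financial institutions. That activity drew close attention from international bodies, and financial institutions invested in improving their own cybersecurity defenses as a result.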

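In 2017, as cryptocurrency began to go mainstream, North Korean hackers shifted their theft targets from traditional finance to this new form of digital finance, first aiming at the South Korean crypto market and then extending their reach worldwide.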

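In 2022 alone, North Korean hackers were accused of stealing about US$1.7 billion in cryptocurrency, a figure equivalent to roughly 5% of North Korea's domestic economy, or 45% of its military budget. The figure is also almost 10 times the value of North Korea's 2021 exports; according to data from the OEC website, North Korea's exports that year were US$182 million.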

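The way North Korean hackers operate when stealing cryptocurrency is generally similar to traditional cybercrime that relies on crypto mixers, cross-chain transactions and fiat OTC trades. However, because a state stands behind them, the theft can be scaled up in a way that traditional cybercriminal groups cannot match.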

According to tracking data, about 44% of the cryptocurrency stolen in 2022 was linked to North Korean hacking.

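North Korean hackers' targets are not limited to exchanges: individual users, venture capital firms, and other technologies and protocols have all been attacked. Every institution operating in the industry and every individual working in it may become a potential target, allowing the North Korean government to keep operating and raising funds.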

Any user, exchange operator or startup founder working in the crypto industry should be aware that they may become a target of hacking.

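Traditional financial institutions should also pay close attention to the activities of North Korean hacking groups. Once cryptocurrency has been stolen and converted into fiat currency, the hackers move the funds between different accounts to obscure their origin. Typically, stolen identities and altered photos are used to bypass AML/KYC verification. The personally identifiable information (PII) of anyone who becomes a victim of an intrusion linked to North Korean hacking teams may be used to register accounts that complete the laundering of the stolen cryptocurrency. Companies operating outside the cryptocurrency and traditional finance industries should therefore also be alert to North Korean hacking group activity, and to whether their data or infrastructure is being used as a springboard for further intrusions.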

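Because most intrusions by North Korean hacking groups begin with social engineering and phishing campaigns, organizations should train employees to watch for such activity and implement strong multi-factor authentication, for example FIDO2-compliant passwordless authentication.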

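North Korea clearly treats the continued theft of cryptocurrency as a major source of revenue for funding its military and weapons programs. Although it is currently unclear how much of the stolen cryptocurrency goes directly to funding ballistic missile launches, it is clear that both the amount of cryptocurrency stolen and the number of missile launches have increased sharply in recent years. Without stricter regulation, cybersecurity requirements and investment in the cybersecurity of cryptocurrency companies, North Korea will almost certainly continue to use the cryptocurrency industry as a source of additional revenue to support the state.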

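On July 12, 2023, the US enterprise software company JumpCloud announced that a North Korea-backed hacker had gained access to its network. Mandiant researchers subsequently published a report stating that the group responsible for the attack was UNC4899, which likely corresponds to "TraderTraitor", a North Korean hacking group focused on cryptocurrency. As of August 22, 2023, the US Federal Bureau of Investigation (FBI) had issued a notice stating that North Korean hacking groups were involved in the hacks of Atomic Wallet, Alphapo and CoinsPaid, stealing a total of US$197 million in cryptocurrency. These thefts allow the North Korean government to keep operating under strict international sanctions and to fund up to 50% of the cost of its ballistic missile program.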

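In 2017, North Korean hackers breached the South Korean exchanges Bithumb, Youbit and Yapizon, stealing cryptocurrency worth about US$82.7 million at the time. There were also reports that cryptocurrency users became targets after the personally identifiable information of Bithumb customers was leaked in July 2017.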

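Besides stealing cryptocurrency, North Korean hackers also learned cryptocurrency mining. In April 2017, Kaspersky Lab researchers discovered Monero mining software that had been installed during an APT38 intrusion.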

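In January 2018, researchers at South Korea's Financial Security Institute announced that North Korea's Andariel group had compromised a server belonging to an undisclosed company in the summer of 2017 and used it to mine about 70 Monero, worth about US$25,000 at the time.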

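In 2020, security researchers continued to report new cyberattacks by North Korean hackers against the cryptocurrency industry. The North Korean hacking group APT38 attacked cryptocurrency exchanges in the United States, Europe, Japan, Russia and Israel, using LinkedIn as the means of initial contact with targets.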

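2021 was North Korea's most prolific year against the cryptocurrency industry: North Korean hackers breached at least 7 cryptocurrency organizations and stole cryptocurrency worth US$400 million. In addition, North Korean hackers began targeting altcoins, including ERC-20 tokens, as well as NFTs.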

In January 2022, Chainalysis researchers confirmed that cryptocurrency worth US$170 million, stolen since 2017, had yet to be cashed out.

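Notable 2022 attacks attributed to APT38 include the Ronin Network cross-chain bridge (US$600 million lost), the Harmony bridge (US$100 million lost), the Qubit Finance bridge (US$80 million lost) and the Nomad bridge (US$190 million lost). These 4 attacks specifically targeted the platforms' cross-chain bridges. A cross-chain bridge connects 2 blockchains, allowing users to send a cryptocurrency from one blockchain to another blockchain that holds a different cryptocurrency.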

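In October 2022, Japan's National Police Agency announced that Lazarus Group had attacked companies in the cryptocurrency industry operating in Japan. Although no specific details were provided, the statement noted that some companies had been successfully compromised and that cryptocurrency had been stolen.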

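Between January and August 2023, APT38 allegedly stole US$200 million from Atomic Wallet (US$100 million lost across 2 attacks), AlphaPo (US$60 million lost across 2 attacks) and CoinsPaid (US$37 million lost). Also in January, the US FBI confirmed that APT38 was behind the theft of US$100 million in virtual currency from Harmony's Horizon bridge.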

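In the July 2023 CoinsPaid attack, APT38 operators may have posed as recruiters, sending recruitment emails and LinkedIn messages aimed specifically at CoinsPaid employees. CoinsPaid said APT38 spent 6 months trying to gain access to its network.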

Mitigations

The following are Insikt Group's recommendations for defending cryptocurrency users and companies against North Korean cyberattacks:

Enable multi-factor authentication (MFA): use hardware devices such as a YubiKey for wallets and transactions to strengthen security.

Enable every available MFA setting on cryptocurrency exchanges to give accounts maximum protection against unauthorized logins or theft.

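Check that "verified" social media accounts are genuine, looking at whether the username contains special characters or digits substituted for letters.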

Make sure any requested transaction is legitimate, and verify any airdrop or other free cryptocurrency or NFT promotion.

When receiving an airdrop or other content that appears to come from Uniswap or another large platform, always check the official source.

Always check URLs and watch for redirects after clicking a link, to make sure the site is the official site and not a phishing site.

The following are some tips for defending against social media scams:

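Take extra care when making cryptocurrency transactions. Cryptocurrency assets have no institutional safeguards to mitigate "traditional" fraud.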

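Use a hardware wallet. Hardware wallets can be more secure than "hot wallets" such as MetaMask that are always connected to the internet. For a hardware wallet connected to MetaMask, every transaction must be approved through the hardware wallet, which provides an extra layer of security.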

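Use only trusted dApps (decentralized applications), and verify smart contract addresses to confirm their authenticity and integrity. Genuine NFT minting interactions rely on smart contracts that may be part of a larger dApp. Contract addresses can be verified using MetaMask, a blockchain explorer (such as Etherscan), or sometimes directly within the dApp.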

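Double-check the URL of the official website to avoid impersonation. Some cryptocurrency-stealing phishing pages rely on misspelled domain names to trick unsuspecting users.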

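Be skeptical of offers that look too good to be true. Cryptocurrency-stealing phishing pages lure victims with favorable cryptocurrency exchange rates or low gas fees for NFT minting interactions.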
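The URL checks recommended above (misspelled domains, digits substituted for letters, an official name embedded in another site's hostname) can be partly automated. The following Python code is an added example, not part of the report or the original article; the allowlist entries, the digit-substitution table and the function names are assumptions, and the allowlist should be replaced with domains you have verified yourself.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of domains you have verified yourself (examples only).
OFFICIAL = {"uniswap.org", "metamask.io", "etherscan.io"}
# Assumption: digits commonly swapped in for letters in lookalike names.
DIGIT_SWAPS = str.maketrans("01345", "oleas")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def check_url(url: str) -> str:
    """Return 'official', 'unknown', or 'suspicious: <reason>'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "suspicious: no hostname"
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official"
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return "suspicious: non-ASCII or punycode hostname"
    for good in OFFICIAL:
        if good in host:  # official name used as a subdomain of another site
            return f"suspicious: {good} embedded in {domain}"
        # Undo digit substitutions, then allow one typo against the official name.
        if edit_distance(domain.translate(DIGIT_SWAPS), good) <= 1:
            return f"suspicious: {domain} resembles {good}"
    return "unknown"
```

An "unknown" result only means the hostname does not resemble an allowlisted one; it says nothing about where the link redirects, which still has to be observed after clicking as the list above advises.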

