BitMEX Successfully Blocks Suspected Lazarus Attack, Finds Its Internet Protocol Address and Significant Security Fault

In an announcement on Friday, BitMEX said its security team had successfully blocked a social engineering attack by the Lazarus Group, a North Korea-linked hacking group. "Recently, an employee was contacted via LinkedIn to collaborate on the NFT marketplace Web3 project, with the aim of inducing victims to run the project code containing malicious code on their computers," BitMEX said. The employee identified the risk and reported it in time, and the security team stepped in to investigate and found that the attack attempted to reuse malicious code called "BeaverTail". "We found an'operational security error 'in the script that may have exposed the attacker's original Internet Protocol Address," BitMEX noted. The team added: "The group appears to have split into several groups of varying technical levels." They have identified at least 10 accounts that may have been used to test or develop malicious software. BitMEX added: "This investigation shows a sharp contrast between the group's rudimentary phishing tactics and its advanced exploitation techniques."