Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) warned the nation’s crypto firms to be on the lookout for “phishing” attempts by the hacking gang intended to steal crypto assets in the public advisory statement released on October 14.
“This cyber attack group sends phishing emails to employees impersonating executives of the target company… through social networking sites with false accounts, pretending to conduct business transactions….The cyber-attack group (then) uses the malware as a foothold to gain access to the victim’s network.”
The Lazarus Group, who are thought to have lately concentrated more on crypto money because they’re “managed more loosely,” are said to have utilised phishing as a popular technique of attack, according to the Japan Government.
According to local reports, this is the fifth time in history that the government has issued a “public attribution” statement.
The statement says that the hacker outfit employs social engineering to plan phishing attacks, posing as leaders of a target business to try to trick employees into opening malware links or attachments.
The warning also advised against downloading data from sites whose legitimacy cannot be confirmed, especially when using them for applications involving digital assets. The NPA and FSA advised the targeted organisations to retain their “private keys in an offline environment” and to avoid carelessly clicking on email attachments or hyperlinks because phishing has been a prevalent method of attack adopted by North Korean hackers.
The NPA acknowledged that several of these attacks targeting Japanese-based digital asset companies were effective but kept any further information.