A cybersecurity research team at Paradigm has mapped out the details of North Korea’s cyberattack campaigns, shedding light on mysterious hacker groups and new attack methods.
In March, the cryptocurrency community was rocked by a massive hack attributed to North Korean hackers that cost the affected company $1.6 billion.
According to a report from Paradigm, a hacker group affiliated with Lazarus Group targeted the OKX cryptocurrency exchange, siphoning off billions of dollars in digital assets before moving the funds through cryptocurrency mixers to hide their tracks.
“We’ve been tracking this attack from the very beginning,” Samczsun, a researcher at Paradigm, wrote in a blog post. The team has been working with OKX to verify the vulnerability and mitigate the damage.
Not Just Lazarus Group
North Korean cyberattacks have become a serious threat to the blockchain ecosystem, but what is more worrying is the diversification of their attack tactics.
Samczsun emphasizes that it is incorrect to attribute all North Korean cyberattacks to Lazarus Group. Several other hacker groups operate under the purview of the Reconnaissance General Bureau (RGB), including:
- AppleJeus – Targets cryptocurrency businesses through malware that impersonates financial apps.
- APT38 – A Lazarus offshoot that specialized in attacking banks and traditional financial systems before moving to blockchain.
- TraderTraitor – Uses a recruitment scam strategy, previously linked to the Axie Infinity hack.
- DangerousPassword – Deploys simple but effective phishing attacks via email and Telegram.
Defenses Are Being Boosted
The OKX hack is just one part of a larger campaign of attacks by North Korea. More than $3 billion was stolen from various cryptocurrency platforms in the first quarter of this year alone.
To combat the threat, OKX has launched a bounty program of up to $200 million for anyone who can help track or freeze the stolen funds. The exchange is also working with the FBI and cybersecurity agencies to track down the hackers.
“This is not just a financial war, it is a technology and security war,” an OKX representative said.
The Future of Blockchain Security
While North Korea is deploying increasingly sophisticated tactics, experts believe that increased security measures can help minimize the damage.
Samczsun recommends that cryptocurrency companies adopt strict security principles such as two-factor authentication, access restrictions, and real-time transaction monitoring. Partnering with security groups such as SEAL 911 or the FBI's cybersecurity unit will also help limit future attacks.