CyberSecurity news
Editor-In-Chief, BitDegree@bitdegree.org
The BitMEX cryptocurrency exchange has successfully thwarted an intrusion attempt orchestrated by the Lazarus Group, a notorious hacking organization with ties to North Korea. The exchange's security team detected the attack, preventing any compromise of their systems. In a significant countermove, BitMEX's security team managed to access one of the Lazarus Group's servers, providing valuable insights into their operations and tactics.
Researchers at BitMEX uncovered critical missteps made by the Lazarus Group during their campaigns, including exposed IP addresses and an accessible database. One key finding involved a rare slip-up where a hacker inadvertently revealed their real IP address, which was traced to Jiaxing, China. This location is near Shanghai and represents a notable lapse in security for the typically secretive group. BitMEX also blocked a phishing attempt linked to the Lazarus Group, where attackers posed as NFT partners on LinkedIn to trick one of its employees.
The Lazarus Group's attack strategy often begins with relatively unsophisticated methods like phishing to gain initial access to targeted systems. In this case, the attackers invited a BitMEX employee to a private GitHub repository containing code for a fake Next.js/React website. The goal was to make the victim run the project, which included malicious code, on their computer. BitMEX emphasized that the "Lazarus Group" comprises multiple hacking teams under the control of the North Korean government, responsible for stealing significant sums of money through various cyberattacks.
References:
- blog.bitmex.com: The BitMEX cryptocurrency exchange says it detected and stopped an intrusion attempt from North Korean hacking group Lazarus. BitMEX's security team gained access to one of the group's servers and traced one of its operators to Jiaxing, China.
- bsky.app: The BitMEX cryptocurrency exchange says it detected and stopped an intrusion attempt from North Korean hacking group Lazarus.
- DataBreaches.Net: Researchers at crypto exchange BitMEX on Friday said that they had uncovered several critical missteps that North Korean state-sponsored hacker group Lazarus had made during its campaigns. Those lapses included exposed IP addresses, an accessible Supabase database, and tracking algorithms.
- Catalin Cimpanu: BitMEX cryptocurrency exchange says it detected and stopped an intrusion attempt from North Korean hacking group Lazarus. BitMEX's security team gained access to one of the group's servers and traced one of its operators to Jiaxing, China.
- www.bitdegree.org: BitMEX has blocked a phishing attempt linked to the Lazarus Group, a hacking operation with ties to North Korea.
- Metacurity: German police ID Trickbot's "Stern," BitMEX thwarts Lazarus Group attack, Shin Bet thwarted 85 Iranian cyberattacks aimed at civilians, Vibe coding app Lovable failed to fix critical flaw, China's quantum satellite Micius has a security flaw, Russia's Unit 29155 has a hacker team, much more
- bsky.app: The BitMEX cryptocurrency exchange thwarted an intrusion attempt from the North Korean hacking group Lazarus Group.
- securityonline.info: BitMEX Turns Tables on Lazarus Group: Infiltrates Hacker Infrastructure
- Metacurity: Bitcoin options trading venue BitMEX discovered an operational security mistake in a thwarted attack by N. Korea's Lazarus Group, which revealed the attackers' IP address and uncovered at least 10 potential accounts used to test or develop its malware.