BitMEX made a bold announcement this afternoon, claiming it had thwarted a major hack attempt by the Lazarus Group. The exchange's security team analyzed the attackers' code and revealed some interesting new information.
The malware showed surprisingly poor operational security, allowing BitMEX to trace IP addresses and active hours for several members. Still, the company noted that it had defeated only Lazarus' second-string hackers, and admitted these were not the group's best.
BitMEX beats the Lazarus Group
The Lazarus Group is a notorious North Korean hacker organization, responsible for the biggest theft in the history of crypto. The group stole a huge sum and successfully laundered it through a sophisticated DeFi trading network.
However, according to a recent blog post, a recent Lazarus attempt to hack BitMEX was thwarted.
A Lazarus operative attempted to phish BitMEX employees with a fake request to collaborate on a Web3 NFT marketplace project. The employee alerted security, who played along with the scammers and obtained the malware bait. From there, BitMEX analysts dismantled it and gathered knowledge about the group's organization.
“In the past few years, the group appears to be divided into multiple subgroups that are not necessarily of the same technical refinement. This can be observed through the bad practices that come from these ‘frontline’ groups that carry out social engineering attacks compared to more refined post-mining techniques,” BitMEX argued.
Specifically, BitMEX found a lot of sloppy work in the early-stage malware. This allowed analysts to recover a list of IP addresses of compromised computers, and they also identified test runs.
One of the China-based Lazarus members left incriminating information in this database. BitMEX used it to build profiles of other members and their work schedules.
BitMEX's work here could go a long way toward puncturing the Lazarus Group's image of menace and near-mystical capability. A long-standing derivatives exchange, BitMEX seems an unlikely candidate for making these discoveries.
Rather than a famous crypto sleuth, it was a private company recently out of the news that cracked this code.
Still, it's important not to overstate the situation. The Lazarus Group sent a B-team against BitMEX, but its more advanced hackers would have exploited any successful breach.
BitMEX exploited the group's sloppy operational security, but its members remain anonymous. They may well have plenty of future success against softer targets.