Infamous North Korean cybercrime group Lazarus has been flagged in an attempted cyber attack on cross-chain firm deBridge Finance.
The campaign is likely widespread, as confirmed by co-founder Alex Smirnov in a Twitter post on Friday.
The attack vector was via email, with an attached PDF file named "New Salary Adjustments" sent from an address that mirrored Smirnov's own.
Smirnov further explained that macOS users remain unaffected, as opening the said PDF link on a Mac would lead to a zip archive with the normal PDF file Adjustments.pdf (md5: 15a4…39c2).
However, the same is not true in the case of Windows systems. Clicking the PDF link on a Windows device would lead to an archive with a password-protected pdf with the same name (md5: 0038…8bc4), and an additional file named Password.txt.lnk (md5: 2eaa…6a30).
The whole system gets infected upon clicking the password.txt.lnk file link. “It’s interesting that only a few anti-virus solutions mark these files as malicious,” added Smirnov.
Alerting users, Smirnov also advised teams to “never open email attachments without verifying the sender’s full email address.”
The news breaks weeks after the US State Department doubled the reward for information on cyber threat actors having roots in North Korea.
-
Dell PowerRack launches at Dell Technologies World 2026 as a ‘turnkey’ networking, storage, and compute system for AIThe newly announced solution is designed to help organizations get up and running at super speed
-
Dell unveils Deskside Agentic AI at Dell Technologies World 2026News Deskside Agentic AI is the latest in the Dell AI Factory with Nvidia stable, with the company saying it further demonstrates its end-to-end enterprise AI capability
