deBridge suspects Lazarus Group behind attempted phishing attack
macOS systems remain unaffected, states deBridge co-founder Alex Smirnov
Infamous North Korean cybercrime group Lazarus has been flagged in an attempted cyber attack on cross-chain firm deBridge Finance.
The campaign is likely widespread, as confirmed by co-founder Alex Smirnov in a Twitter post on Friday.
The attack vector was via email, with an attached PDF file named "New Salary Adjustments" sent from an address that mirrored Smirnov's own.
Smirnov further explained that macOS users remain unaffected, as opening the said PDF link on a Mac would lead to a zip archive with the normal PDF file Adjustments.pdf (md5: 15a4…39c2).
However, the same is not true in the case of Windows systems. Clicking the PDF link on a Windows device would lead to an archive with a password-protected pdf with the same name (md5: 0038…8bc4), and an additional file named Password.txt.lnk (md5: 2eaa…6a30).
The whole system gets infected upon clicking the password.txt.lnk file link. “It’s interesting that only a few anti-virus solutions mark these files as malicious,” added Smirnov.
Alerting users, Smirnov also advised teams to “never open email attachments without verifying the sender’s full email address.”
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
The news breaks weeks after the US State Department doubled the reward for information on cyber threat actors having roots in North Korea.
-
Nissan employee data exposed in Oracle PeopleSoft zero-day attacksNews The car manufacturer has urged current and former employees to change banking passwords and remain vigilant for phishing emails
-
Why Apple is speeding up software patchingNews Apple is speeding up its software patching processes amid rising concerns that AI is helping hackers to spot and exploit flaws at a far quicker pace.