BitMEX Uncovers Holes In Lazarus Group’s Security

BitMEX researchers found poor operational security in the Lazarus Group’s hacker network, exposing flaws in the group’s tactics and setup.

During a counter-intelligence investigation, the security team of the BitMEX cryptocurrency exchange identified weaknesses in the operational security of the Lazarus Group, a cybercrime network sponsored by the North Korean government (DPRK). The investigation turned up IP addresses, a database, and tracking algorithms used by the group.

The exchange's analysts say there is a strong likelihood that at least one operator accidentally exposed a real IP address, placing that operator in Jiaxing, China.

The BitMEX researchers also report that they gained access to an instance of Supabase, a hosted database platform that lets developers stand up a database and application-facing interfaces quickly, which the hacking group was using in its tooling.

The BitMEX security team said that one of the hackers likely revealed their true IP address accidentally after failing to use the VPN regularly used to mask the IP address. Source: BitMEX
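The slip described above (a real address surfacing when the operator's VPN was not in use) shows up on the defender's side as a source IP that falls outside the anonymizing ranges an actor normally connects from. The following is an added example, not BitMEX's tooling and not code from the original article: it parses a small set of constructed connection records, checks each source address against a constructed list of known VPN/proxy exit ranges, and reports, per actor, the addresses that break the pattern. All CIDRs, actor names and log lines are made up for illustration.

```python
"""
Added example (not BitMEX's code): flag sessions that arrive from outside an
actor's usual VPN/proxy exit ranges, the kind of OPSEC slip the article
describes. All CIDRs and log lines below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed: exit ranges the actor has been seen using in earlier sessions.
# RFC 5737 / RFC 3849 documentation prefixes stand in for real VPN providers.
KNOWN_EXIT_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),       # "provider A" (assumed)
    ipaddress.ip_network("198.51.100.0/25"),      # "provider B" (assumed)
    ipaddress.ip_network("2001:db8:feed::/48"),   # IPv6 exit of provider A (assumed)
]

# Constructed log lines: "<timestamp> <actor_id> <source_ip> <action>"
SAMPLE_LOG = """\
2025-05-01T09:12:03Z actor-17 203.0.113.44 login
2025-05-01T09:13:10Z actor-17 203.0.113.44 fetch-target-list
2025-05-01T11:40:52Z actor-17 192.0.2.77 login
2025-05-01T11:41:05Z actor-17 192.0.2.77 fetch-target-list
2025-05-01T12:02:19Z actor-22 198.51.100.9 login
2025-05-01T12:05:00Z actor-22 2001:db8:feed::1a login
2025-05-01T12:06:00Z actor-22 not-an-ip login
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass(frozen=True)
class Event:
    ts: str
    actor: str
    src: str
    action: str


def parse_log(text):
    """Parse the constructed log format; malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            events.append(Event(*m.groups()))
    return events


def is_known_exit(addr_str, ranges=KNOWN_EXIT_RANGES):
    """True if addr_str parses as an IPv4/IPv6 address inside one of the ranges.
    An unparsable source is treated as unknown so that it is surfaced, not hidden."""
    try:
        addr = ipaddress.ip_address(addr_str)
    except ValueError:
        return False
    return any(addr in net for net in ranges)


def find_opsec_slips(events, ranges=KNOWN_EXIT_RANGES):
    """Map actor -> sorted list of source addresses outside every known exit range.
    Only actors that also have in-range sessions are reported: an actor never
    seen behind a VPN is a different question from one who dropped it mid-campaign."""
    by_actor = {}
    for e in events:
        by_actor.setdefault(e.actor, []).append(e)
    slips = {}
    for actor, evs in by_actor.items():
        known = [e for e in evs if is_known_exit(e.src, ranges)]
        unknown = [e for e in evs if not is_known_exit(e.src, ranges)]
        if known and unknown:
            slips[actor] = sorted({e.src for e in unknown})
    return slips


if __name__ == "__main__":
    for actor, addrs in find_opsec_slips(parse_log(SAMPLE_LOG)).items():
        print(f"{actor}: sessions from outside known exits: {', '.join(addrs)}")
```

The exit-range list is the part a real investigation has to earn: it comes from correlating many sessions before the slip, not from a public VPN list, and a single out-of-range address is a lead to corroborate (hosting provider, timing, reuse across accounts), not proof of location on its own.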

The investigation pointed to an asymmetry between the group's low-skill social engineering teams, who try to talk unsuspecting victims into installing malware, and the sophisticated exploit code written by its more capable developers.

According to the BitMEX team, this asymmetry suggests that the North Korean state-sponsored operation has split into distinct sub-groups of differing capability that work together to defraud users.

Number of new malware infections caused by Lazarus hackers during the observation period. Source: BitMEX

The research details a succession of prominent hacking instances, social engineering schemes, and the infiltration of blockchain and technology firms linked to the Lazarus Group and other North Korean-associated operatives.

Federal Law Enforcement Authorities, Governmental Bodies Have Raised Concerns Over The Lazarus Group

Federal law enforcement agencies and governments worldwide are stepping up investigations into DPRK-linked hackers and have issued warnings about several fraud tactics these threat actors commonly use.

In September 2024, the United States Federal Bureau of Investigation (FBI) published a warning about social engineering campaigns run by a DPRK-backed group, including phishing aimed at cryptocurrency users through fake job offers.

The governments of Japan, the United States, and South Korea echoed the FBI's warning in January 2025, describing the hacking activity as a threat to the financial system.

A recent Bloomberg story indicated that global leaders might address the threat posed by the Lazarus hacking group at the forthcoming G7 Summit, along with plans to offset the damage inflicted by the DPRK-affiliated organization.
