Lazarus Hackers got caught – Millions seized by the Norway government 

The trio of Norwegian authorities, the Federal Bureau of Investigation (FBI), and the US Department of Justice (DOJ) have seized the most significant amount ever from the Axie infinity heist.

 “It is the biggest crypto seizure Norwegian police have ever made,” said Norway’s Økokrim.

[DB] Axie Infinity CEO Moved $3m Worth of AXS to Binance Before Hack Disclosure: Bloomberg

Sky Mavis says the executive was shoring up funds to protect the business and help users after Ronin attack

— db (@tier10k) July 28, 2022

Background of Lazarus group

The Lazarus Group is a sophisticated cybercrime group believed to be based in North Korea. They are notorious for their involvement in various high-profile cyberattacks, including the 2014 hack of Sony Pictures and the 2017 WannaCry ransomware attack.

One of the areas where the Lazarus Group has shown particular expertise is cryptocurrency hacking. They have used various tactics to target cryptocurrency exchanges and steal digital assets.

What is the Axie heist?

In October 2021, there was a reported “Axie Infinity Heist,” where a group of hackers stole a significant amount of Axie and other in-game assets from multiple players.

The attackers used a variety of techniques to gain access to player accounts, like

• Phishing attacks 
• Social engineering
• Transferring the stolen assets to other accounts 
• Sold them on third-party marketplaces.

The heist affected many players and caused the value of Axies and other in-game assets to drop significantly. Axie Infinity’s development team implemented new security measures and encouraged players to use two-factor authentication to protect their accounts.

What’s happening today?

Økokrim, Norway’s National Authority for Investigation and Prosecution of Economic and Environmental Crime, announced Thursday that it had seized 60 million kroner (approximately $5.8 million) in crypto in connection with the attack against Axie Infinity and Sky Mavis.

“We work with FBI specialists on tracking cryptocurrency. Such cooperation between countries means that we as a society stand stronger in the fight against digital, profit-motivated crime,” First State Attorney Marianne Bender commented.

The profits made through these attacks were used to spy on defense authorities and to create more significant attacks. Ransomware attacks were also funded in healthcare sectors, specifically targeting the United States and South Korea.

ASEC decoding about Lazarus

According to the cybersecurity company ASEC, the Lazarus Group has used various attack techniques. Here are a few of them:

• Spear-phishing: The Lazarus Group often uses spear-phishing attacks to trick specific individuals into clicking on a malicious link or opening a malicious attachment. 
• Watering hole attacks: The group has also been known to set up fake websites that mimic legitimate sites frequented by its targets. When a target visits the fake site, malware is downloaded onto their computer.
• Malware: The Lazarus Group has created and used a variety of malware, including remote access trojans (RATs) and keyloggers, to gain access to and control targeted systems.
• Cryptocurrency theft: Using malware to steal data and money from cryptocurrency exchanges and wallets.
• Zero-day exploits: The group has been known to use vulnerabilities in software that have yet to be discovered or patched to gain access to systems.

Concluding Thoughts

Lazarus is a highly skilled group with many sub-groups. They have used many complicated and new in-town techniques to disrupt cyber security laws. With constant development, they are also improving their theft techniques, especially in the crypto market. It is always prudent to take security measures, even if you feel safe regarding your online presence.