
North Korean state-sponsored criminals are not the only ones evolving their tactics against the cryptoassets industry. Alongside serious defense improvements, the industry has now developed a humorous response as well.
A group of crypto security experts, Security Alliance (SEAL), now also maintains the Lazarus.group website, which is a parody consultancy created to help companies protect themselves against the Democratic People's Republic of Korea (DPRK) threat.
For example, the "Team" section of the website introduces dozens of "experts" who helped "numerous projects succeed."
"From marketing to finance to engineering to security, our expert team has seen it all," the section reads. It also includes the same people listed under different names.
According to Isaac Patka, founder of the automated Web3 security and compliance platform Shield3 and a member of SEAL, these "experts" are profiles of known North Korean so-called IT workers who try to infiltrate cryptoasset companies and steal their funds.
"And if you recognize anybody on that page, you might have a [North Korean] IT worker at your company," Patka said during a recent Unchained podcast.
The "consultancy," which introduces itself as a "one-stop shop for your crypto project," offers "services" such as blockchain development, penetration testing, custodial services, and liquidity management.
"From conception to deployment, we handle every aspect of your blockchain project," the tongue-in-cheek advertising reads.
On a more serious note, the website offers other resources, such as a framework for those who might have hired a North Korean IT worker. Among other things, it helps identify whether a company has hired this type of criminal.
"DPRK IT Workers have been known to successfully evade detection for YEARS. Focus on creating a full profile of your employee and judge it based on the complete picture and any inconsistencies you find," the framework emphasizes.
Red flags also include an employee avoiding real-life meetings, inconsistencies in work and communication, bogus work history, identity switching, and more.
If a company has indeed hired a DPRK IT worker, or even more than one, it is advised not to fire them immediately, but to quietly revoke access and mitigate any immediate risks.
"At the same time, you should immediately cease any further payments to the DPRK IT Worker. It's illegal," SEAL warned.
As reported by Cybernews, it is estimated that North Korea has stolen at least $1.4-2 billion in cryptoassets this year alone.
What's more, it has moved from opportunistic hacks to an industrialized supply chain: sourcing initial access from social engineering specialists, extracting funds via infrastructure attacks, and liquidating assets through a subcontracted network of Chinese shadow bankers.