BitMEX discovers cybersecurity lapses in North Korea hacker group
The BitMEX crypto exchange security team discovered gaps in the operational security of the Lazarus Group, a cybercrime network sponsored by the North Korean government (DPRK), following a counter-operations investigation into the organization, which exposed the IP addresses, a database and monitoring algorithms used by the malicious group.
Security researchers for the exchange say there is a high probability that at least one hacker accidentally revealed his real IP address, which showed that the hacker's actual location is Jiaxing, China.
In addition, BitMEX researchers say they were also able to access an instance of the Supabase database, a platform for easily deploying databases with simple interfaces for applications, used by the hacking group.
According to the report, the analysis highlighted the asymmetry between the low-skill social engineering teams designed to lure unsuspecting victims into downloading malware and interacting with sophisticated code exploits developed by high-tech hackers.
This asymmetry indicates that the hacking organization affiliated with the North Korean state has separated into distinct subgroups, with different levels of threat capability, working together to defraud users, said the BitMEX team.
The report follows a series of high-profile hacking incidents, social engineering scams and infiltration of blockchain and technology companies attributed to the Lazarus Group and other agents affiliated with North Korea.
Federal law enforcement agencies and governments sound the alarm on the Lazarus Group
Federal law enforcement agencies and governments around the world have increasingly investigated the activities of hackers associated with the DPRK, sounding the alarm on a number of current scam strategies employed by these threat actors.
In September 2024, the Federal Bureau of Investigation (FBI) of the United States issued a warning concerning social engineering scams perpetrated by the DPRK-backed group, including phishing attempts targeting crypto users with fake job offers.
The governments of Japan, the United States and South Korea echoed the FBI warning in January 2025 and characterized the hacking activity as a threat to the financial system.
A recent Bloomberg report suggested that world leaders could discuss the threat of the Lazarus hacking group at the next G7 summit, along with strategies to mitigate the damage caused by the DPRK-affiliated organization.