{"id":24455,"date":"2025-06-02T18:30:00","date_gmt":"2025-06-02T15:30:00","guid":{"rendered":"https:\/\/forklog.com\/en\/bitmex-uncovers-operational-security-flaws-in-lazarus-group\/"},"modified":"2025-06-02T18:30:00","modified_gmt":"2025-06-02T15:30:00","slug":"bitmex-uncovers-operational-security-flaws-in-lazarus-group","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/bitmex-uncovers-operational-security-flaws-in-lazarus-group\/","title":{"rendered":"BitMEX Uncovers Operational Security Flaws in Lazarus Group"},"content":{"rendered":"<p>The North Korean state-affiliated hacking group, Lazarus Group, exhibits &#8220;amateur-level blunders&#8221; in operational security, according to findings from a <a href=\"https:\/\/blog.bitmex.com\/bitmex-busts-lazarus-group\/\">BitMEX<\/a> investigation.<\/p>\n<p>Experts identified an IP address, a database, and tracking algorithms used by the cybercriminals.<\/p>\n<p>One group member failed to use a VPN, revealing their actual location in Jiaxing, China. This information was obtained after a hacker contacted a company employee via LinkedIn under the guise of an NFT partnership.<\/p>\n<p>The perpetrator attempted to persuade the victim to run a GitHub project on their computer containing malicious code. According to BitMEX representatives, this tactic is a hallmark of the North Korean group&#8217;s activities.<\/p>\n<p>Analysts also gained access to the Supabase platform, used for deploying databases with simple interfaces for applications utilized by Lazarus.<\/p>\n<p>The analysis revealed a connection between the low-skilled social engineering team members and their colleagues responsible for identifying code vulnerabilities. 
BitMEX suggested that the organization contains subgroups with varying levels of expertise.<\/p>\n<p>Back in March 2025, North Korean hackers <a href=\"https:\/\/forklog.com\/en\/news\/north-korean-hackers-exploit-zoom-to-target-crypto-entrepreneurs\">attempted to compromise<\/a> crypto entrepreneurs via Zoom. In the same month, the hackers launched a new vector of <a href=\"https:\/\/forklog.com\/en\/news\/lazarus-hackers-launch-new-attack-via-github\">attacks on digital assets<\/a> through the developer platform GitHub.<\/p>\n<p>In April, Manta Network co-founder Kenny Li <a href=\"https:\/\/forklog.com\/en\/news\/manta-network-co-founder-evades-lazarus-groups-zoom-attack\">disclosed<\/a> details of an attempted hack, allegedly orchestrated by Lazarus.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The North Korean state-affiliated hacking group, Lazarus Group, exhibits &#8220;amateur-level blunders&#8221; in operational security, according to findings from a BitMEX investigation. Experts identified an IP address, a database, and tracking algorithms used by the cybercriminals. One group member failed to use a VPN, revealing their actual location in Jiaxing, China. 
This information was obtained after [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24454,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[788,44,1125],"class_list":["post-24455","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitmex","tag-cybercrime","tag-lazarus"],"aioseo_notices":[],"amp_enabled":true,"views":"148","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/24455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=24455"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/24455\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/24454"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=24455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=24455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=24455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}