Liquidity is about to flow from the banking system to the risk market.
However, a loud whistle must be sounded here—state-level hacker organizations are eyeing assets in the crypto market. As entrepreneurs and investors, you must guard your wallets!
1. Beichen: What is a national-level APT?
Steven: APT stands for Advanced Persistent Threat, commonly referring to illegal hacker organizations with economic motives in the field of cybersecurity. Legal hacker organizations specialize in identifying threats and reporting them for profit; these are known as white hats and are not considered APT.
The highest level of APT is the national-level APT, which often attacks others for strategic purposes. However, most national-level hacker organizations cannot be considered APT because they are very loose and attacks are generally initiated after someone calls for action.
2. Beichen: So, only well-organized and strategically motivated national-level hacker organizations are considered national-level APT?
Steven: It can only be said that the vast majority of national-level APTs do not have economic motives and primarily execute espionage missions for strategic or military purposes. The most powerful ones are Equation Group and Project Sauron, affiliated with the United States National Security Agency, which primarily target countries like Russia and China to steal sensitive information. Russia also has strong capabilities, such as Fancy Bear affiliated with the Main Intelligence Directorate of the Russian General Staff and Cozy Bear affiliated with the Russian Foreign Intelligence Service.
Only Lazarus conducts attacks for economic purposes. It is affiliated with a mysterious country in the East and warrants vigilance from everyone in the crypto industry.
3. Beichen: How do they disguise their identities during recruitment?
Steven: Lazarus's organization has clear divisions of labor, with some responsible for data monitoring, some specialized in social engineering to identify targets, some focusing on technical attacks, and others involved in money laundering. Overall, it's a super-powerful team dedicated to this activity, so their efficiency is very high.
Here are a few common attack methods Lazarus employs in the crypto industry.
Targeting Mac operating systems, they disguise a Python program as an arbitrage bot, load the attack code into the Mac's memory, and hide the payload on Google Cloud service disks, making it difficult for antivirus software to detect. They also utilize spear-phishing attacks on social platforms, monitoring community members to identify active traders and sending them targeted messages or emails with malicious links.
Higher-level attacks involve infiltrating as code contributors to projects, allowing them to include malicious code.
11. Beichen: How do individuals in the crypto industry avoid such attacks?
Steven: Firstly, utilize centralized exchanges. Although it goes against the ethos of crypto, many people find it challenging to manage their private keys securely. Secondly, use iOS devices when possible, and it's best to have dedicated devices.
Thirdly, exercise caution with unknown emails and messages on social platforms. It's also advisable to use hardware wallets, keeping cold and hot wallets separate and at different security levels.
Lastly, follow strict security protocols, including using multisignature wallets, and conduct code audits to detect vulnerabilities. However, high-level attacks like those from Lazarus are difficult to prevent, so seeking professional security services is recommended.
If assets are intercepted on-chain, reporting to authorities or relying on personal connections within the industry may be necessary. Hiring professional security teams, such as SlowMist or CertiK, is advisable. Small, specialized teams often outperform larger cybersecurity firms in this field.
In the current crypto landscape, where regulatory control is minimal, individuals and projects should prioritize security to prevent attacks, even from formidable adversaries like Lazarus.