Lazarus Group Tops Global Hack Mentions As Spear Phishing Attacks Surge

bitcoinistDipublikasikan tanggal 2025-12-01Terakhir diperbarui pada 2025-12-01

Abstrak

According to a report from South Korean security firm AhnLab, state-linked hacking organizations like the North Korea-backed Lazarus Group relied...

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

According to a report from South Korean security firm AhnLab, state-linked hacking organizations like the North Korea-backed Lazarus Group relied heavily on spear phishing to steal funds and gather intelligence over the last 12 months. The group often posed as conference organizers, job contacts or colleagues to trick people into opening files or running commands.

Lazarus Group: Spear Phishing Turns More Realistic With AI Lures

Reports have disclosed that one unit known as Kimsuky used artificial intelligence to forge military ID images and lodge them inside a ZIP file to make messages look legitimate.

Security researchers say the fake IDs were convincing enough that recipients opened the attachments, which then ran hidden code. The incident has been traced to mid-July 2025 and appears to mark a step up in how attackers craft their lures.

Image: Adobe Stock

The aim is simple. Get a user to trust a message, open a file, and the attacker gets a way in. That access can lead to stolen credentials, seeded malware or drained crypto wallets. The groups linked to Pyongyang have been tied to attacks on finance and defense targets, among others.

Lazarus Group Victims Asked To Execute Commands

Some campaigns did not rely only on hidden exploits. In several cases, targets were tricked into typing PowerShell commands themselves, sometimes while believing they were following official instructions.

Total crypto market cap currently at $2.91 trillion. Chart: TradingView

That step lets attackers run scripts with high privileges without needing a zero-day. Security outlets have warned that this social trick is spreading and can be hard to spot.

Lazarus Group: Old File Types, New Tricks

Attackers also abused Windows shortcut files and similar formats to hide commands that run silently when a file is opened. Researchers have documented nearly 1,000 malicious .lnk samples tied to broader campaigns, showing that familiar file types remain a favorite delivery method. Those shortcuts can execute hidden arguments and pull down further payloads.

Why This Matters Now

This makes the attacks harder to stop: tailored messages, AI-forged visuals, and tricks that ask users to run code. Multi-factor authentication and software patches help, but training people to treat unusual requests with suspicion remains key. Security teams advocate basic safety nets: update, verify, and when in doubt, check with a known contact.

According to reports, Lazarus Group and Kimsuky continue to be active. Lazarus, based on AhnLab’s findings, received the most mentions in post-cybercrime analyses over the last 12 months. The group has been singled out for financially motivated hacks, while Kimsuky seems more focused on intelligence gathering and tailored deception.

Featured image from Anadolu, chart from TradingView

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Christian, a journalist and editor with leadership roles in Philippine and Canadian media, is fueled by his love for writing and cryptocurrency. Off-screen, he's a cook and cinephile who's constantly intrigued by the size of the universe.

Bacaan Terkait

‘Kami Berusaha Mempertahankan Bitcoin’: Mengapa Dukungan Komunitas terhadap BIP-110 Mulai Luntur

Proposal Perbaikan Bitcoin (BIP-110), sebuah usul soft fork yang kontroversial, kembali menjadi perbincangan. Adam Back, CEO Blockstream, menyatakan bahwa diskusi seputar BIP-110 dan kebijakan OP_RETURN didorong oleh kesalahpahaman tentang arsitektur Bitcoin. Ia mengakui bahwa banyak pendukung BIP-110 adalah pendatang baru yang bermaksud baik, tetapi menyesali kemungkinan mereka memisahkan diri tanpa memahami mengapa komunitas Bitcoin secara tegas menolak proposal tersebut. BIP-110 diimplementasikan pada Desember 2025 dengan tujuan mencegah data arbitrer, seperti inskripsi Ordinals yang mirip NFT, membanjiri jaringan dan mengganggu fungsi utama Bitcoin sebagai sistem kas peer-to-peer. Back mengakui spam adalah masalah nyata, namun berargumen bahwa Bitcoin sudah mengatasinya melalui mekanisme pasar seperti biaya transaksi, insentif penambang, dan konsensus terdesentralisasi, bukan aturan restriktif. Lebih lanjut, Back menyatakan BIP-110 bertentangan dengan sifat Bitcoin yang tanpa izin (permissionless). Ia menyimpulkan bahwa siapa pun yang tidak setuju dengan arah Bitcoin dapat melakukan fork dan menerapkan peraturan sendiri, tetapi fork berbasis BIP-110 kecil kemungkinannya berhasil karena kurangnya dukungan komunitas dan bertentangan dengan ide fundamental Bitcoin. Sentimen serupa diungkapkan oleh Michael Saylor dari MicroStrategy. Kritik ini muncul setelah hanya 10 dari 2.016 blok yang mendukung upgrade sementara pada 4 Juli. Aktivitas Ordinals juga telah turun ke level terendah sepanjang masa, dengan kurang dari 10.000 Ordinals ditambahkan per hari dalam sebulan terakhir. Harga Bitcoin sendiri telah turun 45% dalam setahun terakhir.

ambcrypto6j yang lalu

‘Kami Berusaha Mempertahankan Bitcoin’: Mengapa Dukungan Komunitas terhadap BIP-110 Mulai Luntur

ambcrypto6j yang lalu

Trading

Spot
活动图片