North Korea's Lazarus Group Continues Crypto Laundering Operations, Deploys New Malware to Target Developers

2025/03/13 15:55

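On March 13, blockchain security firm CertiK detected a deposit of 400 Ethereum (ETH), worth approximately $750,000, into Tornado Cash. The transaction was traced to Lazarus's activity on the Bitcoin (BTC) network.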

North Korea's notorious Lazarus Group, known for its persistent crypto laundering operations and cyberattacks, continues to deploy new malware to steal digital assets from developers.

The group's activity was evident as early as March 13, when CertiK, a leading blockchain security firm, detected a substantial deposit of 400 Ethereum (ETH), valued at approximately $750,000, into Tornado Cash.

Further analysis revealed that the ETH deposit was part of a broader transaction on the Bitcoin (BTC) network, directly linked to Lazarus Group's operations.

This activity follows the group's involvement in the massive $1.4 billion Bybit exploit, which unfolded on February 20.

Following the heist, Lazarus Group engaged in sophisticated efforts to launder the stolen BTC, aiming to obfuscate its trail and maximize gains.

To facilitate the exchange and transfer of such large cryptocurrency amounts, the hackers utilized decentralized exchanges (DEXs), such as THORChain (RUNE), which do not require identity verification.

This strategy aligns with Lazarus Group's broader goal of evading detection by cryptocurrency exchanges, which typically require Anti-Money Laundering (AML) procedures.

Reports from Token Terminal indicate that an astounding $2.91 billion flowed through THORChain in just five days, beginning March 10.

This volume of transactions is significantly higher than usual, suggesting a concentrated effort to move and mix the stolen funds.

In another wave of cyber attacks, Lazarus Group has also deployed six new malicious software packages on the Node Package Manager (npm) platform.

npm is a critical tool used by web3 developers to manage and install JavaScript packages for their projects.

On March 11, security firm Socket published an analysis of the malware, highlighting its design to steal credentials and crypto wallet data.

The malware, which includes a package called BeaverTail, is disguised as legitimate JavaScript libraries using a common technique called typosquatting.

This method involves slightly altering the names of trusted software to deceive developers into downloading it.

The primary targets of the malware are stored credentials for Chrome, Brave, and Firefox browsers, as well as Solana and Exodus wallets.

The group has also been attempting to deceive crypto founders with fake Zoom calls.

Hackers are posing as venture capitalists (VCs) and sending crypto founders fake meeting links with claims of audio issues.

When victims download a supposed Zoom audio fix, malware is installed on their devices.

Security researchers have reported that several crypto founders have encountered these scams, confirming the scale of Lazarus Group's efforts.

According to Chainalysis, North Korean hackers stole over $1.3 billion in crypto across 47 attacks in 2024, more than double the amount stolen in 2023.

The majority of these funds were stolen from DeFi protocols, with smaller amounts taken from centralized exchanges and hot wallets.

As Lazarus Group continues its crypto heist and laundering operations, the broader blockchain community is urged to remain vigilant and prioritize robust security measures to mitigate the threat posed by these sophisticated hackers.
