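On March 13, blockchain security firm CertiK detected a deposit of 400 Ethereum (ETH), worth approximately $750,000, into Tornado Cash. The transaction was traced to Lazarus activity on the Bitcoin (BTC) network.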
North Korea's notorious Lazarus Group, known for its persistent crypto laundering operations and cyberattacks, continues to deploy new malware to steal digital assets from developers.
The group's activity was evident as early as March 13, when CertiK, a leading blockchain security firm, detected a substantial deposit of 400 Ethereum (ETH), valued at approximately $750,000, into Tornado Cash.
Further analysis revealed that the ETH deposit was part of a broader transaction on the Bitcoin (BTC) network, directly linked to Lazarus Group's operations.
This activity follows the group's involvement in the massive $1.4 billion Bybit exploit, which unfolded on February 20.
Following the heist, Lazarus Group engaged in sophisticated efforts to launder the stolen BTC, aiming to obfuscate its trail and maximize gains.
To facilitate the exchange and transfer of such large cryptocurrency amounts, the hackers utilized decentralized exchanges (DEXs), such as THORChain (RUNE), which do not require identity verification.
This strategy aligns with Lazarus Group's broader goal of evading detection by cryptocurrency exchanges, which typically require Anti-Money Laundering (AML) procedures.
Reports from Token Terminal indicate that an astounding $2.91 billion flowed through ThorChain in just five days, beginning March 10.
This volume of transactions is significantly higher than usual, suggesting a concentrated effort to move and mix the stolen funds.
In another wave of cyber attacks, Lazarus Group has also deployed six new malicious software packages on the Node Package Manager (npm) platform.
npm is a critical tool used by web3 developers to manage and install JavaScript packages for their projects.
On March 11, security firm Socket published an analysis of the malware, highlighting its design to steal credentials and crypto wallet data.
The malware, which includes a package called BeaverTail, is disguised as legitimate JavaScript libraries using a common technique called typosquatting.
This method involves slightly altering the names of trusted software to deceive developers into downloading it.
The primary targets of the malware are stored credentials for Chrome, Brave, and Firefox browsers, as well as Solana and Exodus wallets.
The group has also been attempting to deceive crypto founders with fake Zoom calls.
Hackers are posing as venture capitalists (VCs) and sending crypto founders fake meeting links with claims of audio issues.
When victims download a supposed Zoom audio fix, malware is installed on their devices.
Security researchers have reported that several crypto founders have encountered these scams, confirming the scale of Lazarus Group's efforts.
According to Chainalysis, North Korean hackers stole over $1.3 billion in crypto across 47 attacks in 2024, more than double the amount stolen in 2023.
The majority of these funds were stolen from DeFi protocols, with smaller amounts taken from centralized exchanges and hot wallets.
As Lazarus Group continues its crypto heist and laundering operations, the broader blockchain community is urged to remain vigilant and prioritize robust security measures to mitigate the threat posed by these sophisticated hackers.