fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Stole $620 million from Axie Infinity via Fake Job Interviews

Hackers Stole $620 million from Axie Infinity via Fake Job Interviews

The hack that caused Axie Infinity losses of $620 million in crypto started with a fake job offer from North Korean hackers to one of the game’s developers.

The attack happened in March 2022 and pushed into the ground the then massively popular and quickly-growing game from Sky Mavis.

By April 2022, the FBI was able to link the attack to the Lazarus and APT38 hackers, two groups who are often involved in cryptocurrency heists for the North Korean government.

In a recent report from news publication on digital assets The Block, sources with knowledge about the attack said that the threat actors contacted staff at Sky Mavis over LinkedIn, posing as a company looking to hire them.

Also Read: Ways to protect HR data and avoid penalties for data breaches

One senior engineer at Axie Infinity showed interest in the fake job offer, due to the very generous salary, and went through multiple rounds of interviews.

At one point, the engineer received a PDF file with details about the job. However, the document was the hackers’ way into the Ronin systems – the Ethereum-linked sidechain that supports the Axie Infinity non-fungible token-based online video game.

The employee downloaded and opened the file on the company’s computer, initiating an infection chain that enabled the hackers to penetrate Ronin’s systems and corrupt four token validators and one Axie DAO validator.

According to the firm’s post-mortem, the employee who fell victim to the spear-phishing attack has since been removed from its workforce. However, the game is still launching investment initiatives and technical restarts trying to regain its momentum.

The financial damage was so fundamental that Sky Mavis is still in the process of reimbursing the players who were affected by the hack.

Fake job offers

North Korean hackers working for the government have been linked to multiple cryptocurrency hacks over the years.

Last year, a report from Google’s Theat Analysis Group noted that a North Korean hacker group targeted security researchers with custom malware after approaching them over various platforms, including LinkedIn.

In the summer of 2020, members of the Lazarus group targeted employees of cryptocurrency organizations in at least 14 countries using fake job offers.

Earlier this year, the U.S. government warned that the Democratic People’s Republic of Korea (DPRK) is dispatching IT workers to get freelance jobs that could sometimes be used in state-backed attacks.

Research from Cyphere released a year ago showed how easy it was for anyone to post job offers on behalf of a company’s on LinkedIn.

The FBI has recently warned about the perils of fake job postings, highlighting some common signs of fraud that internet users should keep in mind when receiving unsolicited job offers.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us