- The company has been under attack since March 2023.
- The attackers used social engineering techniques such as aggressive spamming and phishing.
Payment platform CoinsPaid, in conjunction with Match System, has released the results of an investigation into the Lazarus group’s latest attack on its infrastructure.
The report says the hackers spent about six months studying CoinsPaid and tracking down the company’s payment services. The firm also tracked the hackers’ actions minute by minute during the attack and determined which services and platforms were used to launder the stolen funds.
CoinsPaid has been under attack since March 2023. Attackers used DDoS and BruteForce techniques to find vulnerabilities. On July 7, there was high online activity for an hour, with more than 150,000 different IP addresses involved in the attack, the document said.
Since March, hackers have been actively using social engineering, including a variety of techniques to probe technical infrastructure. Other methods included email spamming and phishing to gain access to the accounts of CoinsPaid team members and their clients.
In June and July, hackers offered bogus hires for the company’s critical employee positions by circulating offers through various messengers.
Fake recruiters sent job ads with salaries ranging from $16,000 to $24,000 per month. During the interview process, through deception, they tried to convince candidates to install the JumpCloud Agent program, which was compromised in July 2023 specifically to attack cryptocurrency companies.
We previously reported that CoinsPaid’s losses totaled $37.3 million. You can also read a comment on the incident from a platform representative in our story.