New findings on the March 2022 compromise of Axie Infinity indicate that the attack on the popular crypto play-to-earn platform may have started with a spear-phishing lure: a fake job offer delivered over LinkedIn.
Since the attack, little about the investigation had been made public beyond the US authorities' attribution of it to the North Korea-based Lazarus group; other critical details were not shared until recently.
According to a report citing anonymous sources, the attack began when one of the platform's employees was approached on LinkedIn with a job offer from a company that did not exist.
The employee went through several rounds of interviews with the supposed recruiters. After passing the fake assessment process, they were offered a position with an extremely generous compensation package.
The offer arrived as a PDF, and opening it deployed spyware on the victim's computer. From that foothold, researchers explained, the attackers moved into the infrastructure of Ronin, the Ethereum-linked sidechain that Axie Infinity runs on, and took control of four of the nine validator nodes in Ronin's network. Withdrawals across the Ronin bridge required signatures from five of those nine validators, so the spyware on its own did not yet give the attackers a signing quorum.
Researchers pointed to the incident as an example of how exposed companies are to file-based threats: a single document, whether received from outside or passed around internally, can be the vehicle through which attackers get into systems. They added that files from third parties should not be trusted on the strength of how legitimate they look, a point that applies with particular force when the file arrives at the end of a weeks-long recruitment conversation designed to build exactly that trust.
The experts also advised companies to favour proactive controls over reactive ones, since preventing an incident is far cheaper than responding to one. An example is Content Disarm and Reconstruction (CDR), a technology that, rather than trying to detect malware, strips a file of the components capable of carrying executable content (scripts, macros, embedded objects, auto-run actions) and rebuilds a clean copy from what remains.
Because the rebuilt document contains only the elements a reader needs to display it, users can open files that enter or leave the organisation without depending on a signature match or a sandbox verdict, and normal business can continue without trading security for productivity. CDR is not a complete answer, however: it does nothing against a lure that asks the victim for credentials instead of delivering a payload, and it would not have limited what the attackers could do once they controlled validator nodes. Least-privilege access and careful key management are the controls that bound that second stage.
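The following is an added illustration of the disarm step that CDR performs on a PDF; it is not code from the original article or from any CDR product. It treats the document as hostile by default, locates the PDF name tokens that introduce active content (JavaScript, open actions, launch actions, embedded files, including names obfuscated with `#xx` hex escapes) and overwrites them with same-length neutral names so that the file still parses but nothing in it can execute. The sample PDF is constructed inline for the demonstration; a production engine would additionally decompress object streams and re-serialise the document rather than patching bytes in place.

```python
"""Toy PDF disarm step in the spirit of Content Disarm and Reconstruction.

Instead of deciding whether a document is malicious, it removes the features a
weaponised PDF needs to run code on open and leaves everything else untouched.
Added example; the SAMPLE_PDF below is constructed for this demonstration.
"""
import re

# PDF name tokens that carry active content, with the reason each matters.
ACTIVE_NAMES = {
    "JavaScript": "script action type",
    "JS": "inline script body",
    "OpenAction": "runs an action when the document is opened",
    "AA": "additional actions (page and field events)",
    "Launch": "launches an external program",
    "EmbeddedFile": "file attachment, the classic dropper payload",
    "RichMedia": "Flash / 3D media",
}

# A PDF name runs from '/' up to the next whitespace or delimiter character.
_NAME_TOKEN = re.compile(rb"/([^\s()<>\[\]{}/%]*)")
# '#xx' inside a name is a hex-escaped byte, so /J#53 is the same name as /JS.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Resolve '#xx' escapes so obfuscated names compare equal to plain ones."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def find_active_content(pdf: bytes) -> dict:
    """Count active-content names and flag streams this scanner cannot see into."""
    report = {}
    opaque = 0
    for m in _NAME_TOKEN.finditer(pdf):
        name = decode_name(m.group(1))
        if name in ACTIVE_NAMES:
            report[name] = report.get(name, 0) + 1
        elif name == "FlateDecode":
            # Compressed streams (object streams in particular) may hide more
            # dictionaries; a real CDR engine inflates and rebuilds them, this
            # toy only reports that opaque content exists.
            opaque += 1
    report["opaque_streams"] = opaque
    return report


def strip_active_content(pdf: bytes) -> bytes:
    """Overwrite each active-content name with a same-length neutral name.

    Keeping the byte length identical leaves cross-reference offsets valid, so
    the file still parses. Readers ignore dictionary keys they do not recognise,
    and an action whose /S type is unknown is never executed.
    """
    def neutralise(m):
        raw = m.group(1)
        if decode_name(raw) in ACTIVE_NAMES:
            return b"/" + b"X" * len(raw)
        return m.group(0)
    return _NAME_TOKEN.sub(neutralise, pdf)


# Constructed sample: a one-page PDF whose catalog auto-runs a JavaScript
# action, with the action type name hex-escaped (/J#61vaScript == /JavaScript).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert\\(1\\)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    print("before:", find_active_content(SAMPLE_PDF))
    cleaned = strip_active_content(SAMPLE_PDF)
    print("after: ", find_active_content(cleaned))
```

The design choice worth noting is that the output is not a verdict. A signature engine would have to know this particular lure; the disarm step removes the capability regardless of whether anyone has seen the sample before, which is exactly the property that makes CDR proactive rather than reactive. Its blind spot is equally clear from the `opaque_streams` counter: anything inside compressed or encrypted streams must be decoded before it can be disarmed, so byte-level patching alone is not sufficient for real-world files.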