BitMEX Team Uncovers North Korean Hacker Group’s Security Errors

Security analysts at the BitMEX crypto exchange identified weaknesses in the operational practices of the Lazarus Group. This North Korean state-sponsored hacking network was the subject of a counter-operations investigation by BitMEX. The probe revealed specific digital traces left behind by the group.


Source: BitMEX

The investigation uncovered active Internet Protocol (IP) addresses used by the hackers. It also exposed an internal database and tracking tools employed by the malicious actors. BitMEX researchers state that there is a high probability at least one hacker made a critical mistake: this individual appears to have accidentally revealed his real, uncloaked IP address during operations.

Analysis of this IP address places the hacker's actual location in Jiaxing, China.

Furthermore, the BitMEX team gained access to a specific Supabase database instance used by the Lazarus Group. Supabase is a platform that offers simplified interfaces for deploying and managing application databases. This access provided a direct view into part of the group's infrastructure.