Claim

BitMEX developed an automated monitoring tool after uncovering a misconfigured Supabase database used by Lazarus Group malware, which led to the identification of at least 10 accounts likely used for malware testing and development.

Quotes that support claims

"Once we had this information, we created a simple program that would query this database on a regular basis and log new infections with the goal of understanding the general profile of victims and potentially spotting new mistakes by the operators," the team wrote, noting they appear to have uncovered at least 10 potential "accounts used to test or develop the malware."
By looking at the username, hostname and IPs of past infections, we were also able to identify other computers and accounts used to test or develop the malware used in this campaign.

Referenced by

Attack tactics and security response

Crypto news
