The US government warns of North Korean cyber actors targeting blockchain and cryptocurrency industries
The US government has issued a warning about North Korean state-sponsored cyber actors targeting organizations in the blockchain and cryptocurrency industries. A joint advisory by the FBI, CISA, and the US Treasury revealed that the notorious Lazarus APT group is actively targeting organizations in this sector using trojanized cryptocurrency applications.
Targeted Organizations
The targets of this cyber attack include crypto exchanges, cryptocurrency trading companies, venture capital funds that have invested in cryptocurrency, individuals holding large amounts of cryptocurrency or valuable NFTs, and players of play-to-earn video games.
Modus Operandi
The Lazarus APT group is using social engineering techniques on various communication platforms to trick victims into downloading trojanized cryptocurrency applications on Windows or macOS operating systems. The lures are primarily aimed at employees of cryptocurrency firms working in system administration or software development/IT operations, with the attackers often posing as recruiters offering lucrative job opportunities.
Once the trojanized applications are downloaded, the threat actors gain access to the victim’s computer, spread malware across the network, and steal private keys or exploit security vulnerabilities. This enables them to carry out fraudulent blockchain transactions.
Recommendations for Mitigation
The joint advisory includes recommendations for organizations in the blockchain and cryptocurrency sectors to mitigate these threats. The recommendations cover areas such as patch management, multifactor authentication, user education, email security tools, and incident response protocols.
Expert Advice
Neil Jones, director of cybersecurity evangelism at Egnyte, highlighted the importance of being cautious and vigilant against social engineering attacks. He advised users to research unexpected email messages, limit contact details on social media, and utilize effective anti-phishing and endpoint protection solutions to prevent falling victim to such attacks.
North Korea’s Involvement in Cryptocurrency Theft
North Korea has been increasingly linked to cryptocurrency thefts, with recent incidents including a $618 million crypto heist traced back to North Korea by GitHub. A report by Chainalysis also revealed that North Korean cyber-criminals stole nearly $400 million worth of cryptocurrency in 2021.
As the value of digital currency continues to rise, it is essential for organizations in the blockchain and cryptocurrency industries to stay vigilant and implement robust cybersecurity measures to protect themselves against cyber threats.