The United States government has issued a warning about the targeting of organizations in the blockchain and cryptocurrency industries by North Korean state-sponsored cyber actors. According to a joint advisory from the FBI, CISA, and the US Treasury, the infamous Lazarus APT group is actively targeting entities in this sector by using trojanized cryptocurrency applications.
The targets of these attacks include crypto exchanges, cryptocurrency trading companies, venture capital funds that have invested in cryptocurrency, individuals holding significant amounts of cryptocurrency or valuable non-fungible tokens (NFTs), and participants in play-to-earn video games.
The method employed by the Lazarus group involves social engineering techniques on various communication platforms to deceive victims into downloading trojanized cryptocurrency applications on Windows or macOS operating systems. These malicious applications are primarily aimed at employees of cryptocurrency firms working in system administration or software development/IT operations, often under the guise of high-paying job opportunities from fake recruiters.
Once the trojanized applications are downloaded, the cyber actors gain access to the victim’s computer, spread malware throughout the network environment, and pilfer private keys or exploit other security vulnerabilities. These actions enable the threat actors to conduct fraudulent blockchain transactions.
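One control that directly targets the "trojanized application" step above is refusing to install anything whose contents do not match a digest published by the vendor through a channel the attacker does not control. The following Python script is an added example written for this page; it is not code from the advisory, the article, or any vendor. The installer contents, the pinned digest and the `.pkg` suffix are constructed for the demonstration, and `verify_installer` is a hypothetical helper name.

```python
"""Pin-and-verify check for downloaded installers (added example)."""
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1 << 20  # stream installers in 1 MiB chunks; they can be large


def sha256_file(path: str) -> str:
    """Return the lowercase hex SHA-256 of the file at `path`, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_installer(path: str, expected_sha256: str) -> dict:
    """Compare a downloaded installer against a pinned SHA-256 digest.

    `expected_sha256` is the value an operator copied from the vendor's
    release page or signed checksum file, NOT from the same message or
    download page that delivered the installer. Returns a verdict dict
    so the caller can log or block without hashing the file twice.
    """
    expected = expected_sha256.strip().lower()
    # Reject a pin that is not a 64-char hex string before touching the file;
    # a malformed pin usually means the operator copied the wrong thing.
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return {"ok": False, "reason": "malformed pinned digest", "actual": None}
    actual = sha256_file(path)
    # Constant-time comparison: never short-circuit on the first differing byte.
    if not hmac.compare_digest(actual, expected):
        return {"ok": False, "reason": "digest mismatch", "actual": actual}
    return {"ok": True, "reason": "digest matches pin", "actual": actual}


def _write_temp(content: bytes) -> str:
    """Write constructed sample bytes to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".pkg")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


def demo() -> dict:
    """Constructed scenario: a genuine build and a modified copy of it."""
    genuine = b"wallet-app-1.2.3 genuine build bytes (constructed sample)\n"
    # Stands in for the digest the vendor publishes out of band.
    pinned = hashlib.sha256(genuine).hexdigest()
    modified = genuine + b"extra bytes appended by a third party (constructed)\n"
    paths = {"genuine": _write_temp(genuine), "modified": _write_temp(modified)}
    try:
        return {name: verify_installer(p, pinned) for name, p in paths.items()}
    finally:
        for p in paths.values():
            os.unlink(p)


if __name__ == "__main__":
    for name, verdict in demo().items():
        action = "ALLOW" if verdict["ok"] else "BLOCK"
        print(f"{name}: {action} ({verdict['reason']})")
```

The check is only as strong as the channel the pin came from: a digest shown on the same page, chat message or e-mail that supplied the download verifies nothing, because the same sender controls both. Pair it with the platform's code-signature check (Gatekeeper on macOS, Authenticode on Windows) where the vendor signs releases.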
In response to these threats, the advisory provides recommendations for organizations in the blockchain and cryptocurrency sectors to enhance their security measures. These recommendations include patch management, multifactor authentication, user education, email security tools, and incident response protocols.
Neil Jones, director of cybersecurity evangelism at Egnyte, commented on the situation, emphasizing the need for vigilance and caution in the face of social engineering attacks. He advised organizations to conduct thorough research on unexpected communications, limit the dissemination of contact details on social media, and utilize effective anti-phishing, endpoint protection, and data security solutions to combat these threats.
North Korea has been increasingly associated with cryptocurrency thefts as the value of digital currencies continues to rise. Recently, GitHub traced a $618 million crypto heist impacting numerous organizations back to North Korea. Furthermore, a report by blockchain analysis firm Chainalysis revealed that North Korean cyber-criminals stole nearly $400 million worth of cryptocurrency in 2021.
The prevalence of these cyber threats underscores the importance of robust cybersecurity measures in the blockchain and cryptocurrency industries to safeguard against malicious actors seeking to exploit vulnerabilities for financial gain.