On Monday, US federal agencies released a joint advisory warning about North Korea's Lazarus Group as attacks targeting the cryptocurrency and blockchain industries continue to rise.
The advisory was jointly released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of the Treasury (Treasury).
The agencies note that the group is also tracked under the names APT38, BlueNoroff and Stardust Chollima.
The advisory reports that the Lazarus Group has used AppleJeus and other trojanized cryptocurrency applications to target individuals and crypto companies. Victims are lured into installing cryptocurrency trading applications that have been modified to include malware enabling the theft of cryptocurrency.
To date, Lazarus Group actors have targeted a range of firms, entities and exchanges in the blockchain and cryptocurrency space, using spear-phishing campaigns and malware to steal cryptocurrency.
The advisory adds: "The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications, which the U.S. government refers to as TraderTraitor."
The targeted entities include cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, venture capital funds investing in cryptocurrency, and individual holders of cryptocurrency or valuable non-fungible tokens (NFTs).
The advisory follows the Treasury Department's attribution to Lazarus of the roughly $625 million cryptocurrency theft from the Ronin bridge, which is linked to the popular play-to-earn game Axie Infinity.
The agencies recommend that companies and individuals defend against the group's social-engineering attempts by educating users to recognize and report phishing attempts, and that they patch all systems, prioritizing known exploited vulnerabilities.
They also recommend enforcing multifactor authentication, deploying endpoint protection, applying application security controls, and maintaining an incident response plan so that possible intrusions can be handled quickly.