The Cybersecurity Advisory Report (CSA), published by the Cybersecurity & Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation, the U.S. Treasury Department and the Federal Bureau of Investigation (FBI), concerning North Korean state-sponsored cryptocurrency activities. U.S. officials claim that they have witnessed North Korean hackers targeting particular blockchain companies.
FBI Alleges North Korean Hacking Activity Is on the Rise, Report Highlights Lazarus Group’s Activities
The FBI, alongside a number of U.S. agencies, published a CSA report called “North Korean State-Sponsored APT Targets Blockchain Companies.” The report details that the APT (advanced persistent threat) has been state-sponsored and active since 2020. Lazarus Group is the name of the group, which the FBI says has been accused of many malicious hacking attempts.
North Korean cyber actors target a variety of organizations such as “organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (defi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs).”
The FBI’s CSA report follows the recent Office of Foreign Assets Control (OFAC) update which accuses Lazarus Group and North Korean cyber actors of being involved in the Ronin bridge attack. The OFAC update published Tornado Cash, an ethereum-mixing project that leveraged Chainalysis tools and prevented OFAC-sanctioned addresses from using the protocol.
‘Apple Jesus’ Malware and the ‘TraderTraitor’ Technique
According to the FBI, Lazarus Group leveraged malicious malware called “Apple Jesus,” which trojanizes cryptocurrency companies.
“As of April 2022, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency,” the CSA report highlights. “These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”
According to FBI officials, the North Korean hackers sent massive spearphishing emails to workers at crypto companies. They would usually target Devops workers and IT professionals. The tactic is called “TraderTraitor” and it often mimics “a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications.” The FBI concludes that organizations should report anomalous activity and incidents to the CISA 24/7 Operations Center or visit a local FBI field office.
What do you think about the FBI’s claims about North Korean state-sponsored cyber attackers? Let us know what you think about the FBI’s latest report in the comments section below.
Images CreditsShutterstock. Pixabay. Wiki Commons
DisclaimerThis information is provided for educational purposes only. It does not constitute an offer, solicitation, or recommendation of selling or buying products or services. Bitcoin.com is not a provider of investment, tax, legal or accounting advice. This article does not contain any information, products, or advice that can be used to cause or alleged result in any kind of damage.