US Government: North Korean Threat Actors Are Targeting Cryptocurrency Organizations

The US government has warned that North Korean state-sponsored cyber actors are targeting organizations in the blockchain and cryptocurrency industries.

A joint advisory issued this week by the FBI, CISA, and the US Treasury revealed that the notorious Lazarus APT group is targeting organizations operating in this sector using trojanized cryptocurrency applications. These include crypto exchanges, cryptocurrency trading companies, venture capital funds that have invested in cryptocurrency, and individuals known to hold large amounts of cryptocurrency or valuable non-fungible tokens (NFTs) and play-to-earn video games.   

The government said the group is using social engineering techniques on various communication platforms to lure victims into downloading trojanized cryptocurrency applications on Windows or macOS operating systems. These are primarily targeting employees of cryptocurrency firms working in system administration or software development/IT operations, often impersonating recruiters offering high-paying job opportunities.

Once downloaded, the threat actors use the applications to gain access to the victim’s computer, propagate malware across the network environment and steal private keys or exploit other security gaps. These actions then enable further activities that initiate fraudulent blockchain transactions.

The advisory also set out a series of recommendations for organizations in the blockchain and cryptocurrency sectors to mitigate these threats. These cover areas like patch management, multifactor authentication, user education, email security tools, and incident response.

Commenting on the story, Neil Jones, director of cybersecurity evangelism, Egnyte, said: “As the old saying goes, ‘Everything old is new again.’ In this particular case, cyber-attackers are leveraging the oldest tricks in the book to defraud users in the relatively new cryptocurrency and blockchain industries: too-good-to-be-true job offers, targeted spear-phishing research, and email execution and user downloads of Trojanized applications.” Read more:

You can also read this: New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

Leave a Reply

Your email address will not be published. Required fields are marked *