The US government has warned that North Korean state-sponsored cyber actors are targeting organizations in the blockchain and cryptocurrency industries.
A joint advisory issued this week by the FBI, CISA and the US Treasury revealed that the notorious Lazarus APT group is targeting organizations operating in this sector using trojanized cryptocurrency applications. These include crypto exchanges, cryptocurrency trading companies, venture capital funds that have invested in cryptocurrency and individuals known to hold large amounts of cryptocurrency or valuable non-fungible tokens (NFTs) and play-to-earn video games.
The government said the group is using social engineering techniques on various communication platforms to lure victims into downloading trojanized cryptocurrency applications on Windows or macOS operating systems. These are primarily targeting employees of cryptocurrency firms working in system administration or software development/IT operations, often impersonating recruiters offering high-paying job opportunities.
Once downloaded, the threat actors use the applications to gain access to the victim’s computer, propagate malware across the network environment and steal private keys or exploit other security gaps. These actions then enable further activities that initiate fraudulent blockchain transactions.
The advisory also set out a series of recommendations for organizations in the blockchain and cryptocurrency sectors to mitigate these threats. These cover areas like patch management, multifactor authentication, user education, email security tools and incident response.
Commenting on the story, Neil Jones, director of cybersecurity evangelism, Egnyte, said: “As the old saying goes, ‘Everything old is new again.’ In this particular case, cyber-attackers are leveraging the oldest tricks in the book to defraud users in the relatively new cryptocurrency and blockchain industries: too-good-to-be-true job offers, targeted spear-phishing research and email execution and user downloads of Trojanized applications.”
He offered the following advice to mitigate the kind of social engineering attacks described in the advisory document: “The good news is that there are proven approaches to prevent such attacks: 1) Remember that if a communication sounds too good to be true, it probably is. Perform research on unanticipated email messages outside of your email platform, and you might even be able to find examples of scams that have leveraged similar messages in the past. 2) Limit the contact details that you provide on social media – particularly for business purposes – and confirm separately with the sender if you receive a message that just doesn’t ‘feel right.’ 3) Utilize effective anti-phishing, endpoint protection and data security solutions and keep them up-to-date. With the massive growth of cryptocurrency trading and the relative ease at which contact details can be found online, I anticipate this trend to increase in the future.”
North Korea has been heavily linked to cryptocurrency thefts recently amid the surging value of digital money. Earlier this week, GitHub traced a $618m crypto heist impacting dozens of organizations to North Korea.
Additionally, in January, a report by blockchain analysis firm Chainalysis found that North Korean cyber-criminals stole nearly $400m worth of cryptocurrency in 2021.