Leading American agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department, warned that North Korean state-sponsored hackers are targeting crypto firms and exchanges in the USA. The attackers’ main goal is to “generate and launder funds” to support the totalitarian regime in the East Asian country.
Beware of North Korean-Backed Hackers
In a joint advisory, the US agencies highlighted the cyber threat “associated with cryptocurrency thefts and tactics” employed by North Korean-linked groups that have been active in this area since 2020. The most notorious such groups, according to the FBI, CISA, and the Treasury Department, include “Lazarus,” “APT38,” “Stardust Chollima,” and “BlueNoroff.”
“The US government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs),” the agencies warned.
The most common method the criminal groups use is social engineering. They lure individuals into downloading trojanized digital asset applications for Windows or macOS. The hackers then use these apps to gain access to the victims’ devices, steal private keys, or exploit other security gaps.
The advisory assessed that the criminals will likely continue attacking US crypto firms, as the stolen funds help prop up Kim Jong-un’s regime in North Korea.
To reduce such incidents in the future, the American agencies recommended that companies and individuals follow several safety measures. Organizations should use network segmentation to separate their networks into zones based on roles and access requirements, and should monitor those networks for malicious activity.
Since North Korean hackers target user credentials, email, social media, and private business accounts, people should change their passwords frequently, the advisory recommended.
The Previous Warning
Earlier this year, the Center for a New American Security (CNAS) alerted that North Korea’s most infamous cybercrime organization – the Lazarus Group – has transformed from a “rogue team of hackers to a masterful army of cybercriminals and foreign affiliates.” They steal hundreds of millions of dollars worth of digital assets and use a wide range of sophisticated techniques:
“This major intrusion included a range of sophisticated hacking and laundering techniques, including a professional mixing service and the use of new DeFi platforms in an attempt to obfuscate the activity.”
The CNAS noted that the Lazarus Group stole approximately $300 million worth of crypto in 2020 from the Singapore-based exchange KuCoin.
On another note, North Korean hackers collectively stole almost $400 million in digital assets in 2021 after breaching the defenses of exchanges and investment firms.
Most recently, the FBI indicated that the Lazarus Group is behind the massive Ronin breach, in which the perpetrators stole over $600 million worth of digital assets.