Three agencies warned that North Korean-sponsored Lazarus Group and subsidiaries are targeting companies linked to blockchain technology and working with crypto and NFTs.
Three federal law enforcement agencies issued a joint Cybersecurity Advisory spotlighting a new cyber threat associated with North Korean state-sponsored actors and specifically targeting blockchain and cryptocurrency companies.
Outlined in the CSA on Monday, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the U.S. Treasury Department warned of cryptocurrency theft after cyberattacks on blockchain companies by hackers using AppleJeus malware.
The two cyber actors named are HIDDEN COBRA and BeagleBoyz, a subsidiary of the former. Both entities are associated with the cyberattack group Lazarus Group, otherwise known as APT38, BlueNoroff and Stardust Chollima.
Officials have warned cryptocurrency organizations and other decentralized digital monetary products and assets are vulnerable to the hacks.
“The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens,” the advisory said.
Both individuals and companies working with cryptocurrency transactions online are targeted by the actors. Online crypto exchanges and firms have suffered theft that were modified by the group’s malware.
“These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies and exchanges to generate and launder funds to support the North Korean regime,” the CSA adds.
The Office of Foreign Assets Control issued sanctions against the Lazarus Group earlier last week. These sanctions potentially extend to victims and their insurance companies paying out ransom requests following a hack.
Malware is implemented usually via spearfishing tactics, often mimicking lucrative job recruitment efforts, with victims unwittingly downloading various malware onto network devices.
Federal officials recommend using modern security principles, endpoint protection, HTML and email scanning and some mitigating measures.
This comes as Treasury barred U.S. citizens from issuing transactions with cryptocurrency exchange company SUEX. The company is accused of laundering ransomware payments to criminals.