U.S. government warns of cyber theft activities of North Korean-sponsored group targeting cryptocurrencies

Agencies of the U.S. government just issued a concerning notice of certain attacks attempted and committed against Americans by one of the nation’s most prominent enemies, the communist regime of North Korea.

A joint advisory was issued Monday by three federal agencies to explicitly warn against “malicious” cyber threats posed by a North Korean state-sponsored group that was targeting cryptocurrencies, Fox News reported.

The advisory further warned of some of the tactics the group is known to use and provided detailed technical evidence of how the cyber thefts were conducted and how they could be mitigated against.

Targeting crypto

The Cybersecurity and Infrastructure Security Agency, in conjunction with the FBI and Treasury Department, issued the alert Monday in regard to the actions of a North Korean-sponsored outfit called Lazarus Group that is also known as “APT38, BlueNoroff, and Stardust Chollima.”

That group has been observed “targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs).”

The group is alleged to have fraudulently tricked victims into downloading “trojanized cryptocurrency applications” onto their operating systems that are then used to “gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps” as well as “initiate fraudulent blockchain transactions.”

Various techniques

The joint advisory further detailed that the North Korean-sponsored group had “targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency.”

“These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime,” the three federal agencies warned.

As for how the attempted thefts worked, they usually began with “spearphishing messages” that “often mimic a recruitment effort and offer high-paying jobs” that fraudulently convince targeted individuals to “download malware-laced cryptocurrency applications.”

Group linked to $620 million digital currency heist

UPI reported that this joint threat advisory appears to have been issued in response to what has been described as the largest cryptocurrency theft in history that was conducted by the North Korea-connected Lazarus Group.

That group is alleged to have recently pulled off a heist involving approximately $620 million worth of a digital currency known as Ethereum from a blockchain network used by players of the online game Axie Infinity.

That is in addition to an estimated $400 million in thefts of digital or cryptocurrencies in 2021 by the North Korean cybercriminals, and it is believed that those stolen funds are utilized as a way for North Korea to skirt around the harsh economic sanctions imposed on it by the U.S. and other nations.

Share on facebook
Share To Facebook

Welcome to our comments section. We want to hear from you!

Any comments with profanity, advocacy of violence, harassment, personally identifiable information or other violations will be removed. If you feel your comment has been removed in error please contact us!

Latest Posts