© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


The US warns North Korean hackers focus on blockchain firms


State-sponsored hackers aim to grab crypto funds by exploiting vulnerabilities in businesses dealing with blockchain.

The FBI, CISA, and the US Treasury issued an advisory claiming that North Korean state-sponsored advanced persistent threat (APT) groups focus on robbing firms dealing with cryptocurrency.

The infamous hacker group is dubbed the 'Lazarus Group' and is also known as APT38, BlueNoroff, and Stardust Chollima in the industry.

Potential victims include crypto exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, and individuals holding large amounts of crypto or valuable NFTs.

According to the advisory, threat actors use many techniques, from social engineering to targeted malware. However, the ultimate goal is always the same – to steal funds.

"The cyber actors then use the applications to gain access to the victim's computer, propagate malware across the victim's network environment, and steal private keys or exploit other security gaps," reads the advisory.

According to the statement, as of April 2022, the Lazarus Group targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency.

"These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime," the government claims.

The advisory comes days after the FBI attributed the March 29 hack of the Ronin decentralized currency exchange to Lazarus Group and APT38.

North Korean state-sponsored hacker groups stole over $620 million worth of crypto from the Ronin exchange.

According to blockchain analysis firm Chainalysis, North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.

A United Nations panel of experts monitoring North Korea sanctions has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs, circumventing sanctions.

Last year the United States charged three North Korean computer programmers working for the country's intelligence service with a massive, years-long hacking spree to steal more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios.

Reports by cybersecurity firm Mandiant show that North Korea aims to expand its profitable operation, setting up new hacker groups. The recently formed Bureau 325 has quickly risen to prominence to become North Korea's "Swiss army knife" cybercriminal gang.

