State-sponsored hackers aim to grab crypto funds by exploiting vulnerabilities in businesses dealing with blockchain.
The FBI, CISA, and the US Treasury issued an advisory claiming that North Korean state-sponsored advanced persistent threat (APT) groups focus on robbing firms dealing with cryptocurrency.
The infamous hacker group is dubbed the 'Lazarus Group' and is also known as APT38, BlueNoroff, and Stardust Chollima in the industry.
Potential victims include crypto exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, and individuals holding large amounts of crypto or valuable NFTs.
According to the advisory, threat actors use many techniques, from social engineering to targeted malware. However, the ultimate goal is always the same – to steal funds.
"The cyber actors then use the applications to gain access to the victim's computer, propagate malware across the victim's network environment, and steal private keys or exploit other security gaps," reads the advisory.
According to the statement, as of April 2022, the Lazarus Group targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency.
"These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime," the government claims.
North Korean state-sponsored hacker groups stole over $620 million worth of crypto from the Ronin exchange.
According to blockchain analysis firm Chainalysis, North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.
A United Nations panel of experts monitoring North Korea sanctions has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs as a way to circumvent sanctions.
Last year the United States charged three North Korean computer programmers working for the country's intelligence service with a massive, years-long hacking spree to steal more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios.
Reports by cybersecurity firm Mandiant show that North Korea aims to expand its profitable operation, setting up new hacker groups. The recently formed Bureau 325 has quickly risen to prominence to become North Korea's "Swiss army knife" cybercriminal gang.