FBI and CISA issue alert over North Korean cyberattacks on crypto targets

Published at: April 19, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued an alert on North Korean state-sponsored cyber threats that target blockchain companies in response to the Ronin Bridge hack last month.

The alert was issued on Monday in conjunction with the FBI and the Treasury Department, and contains warnings and mitigation suggestions for blockchain and crypto firms to ensure their own operations remain safe from hackers.

With the @FBI, and @USTreasury, we released a new cybersecurity advisory on North Korean state-sponsored activity targeting blockchain technology and the cryptocurrency industry. Read the technical guidance and mitigation strategies: https://t.co/Oio478Ouv3

— Cybersecurity and Infrastructure Security Agency (@CISAgov) April 18, 2022

Lazarus is not the only hacker group listed by name as an advanced persistent threat (APT). Alongside Lazarus, the alert names APT38, BlueNoroff and Stardust Chollima. These groups and others like them have been observed targeting what the bulletin called “a variety of organizations in the blockchain technology and cryptocurrency industry,” such as exchanges, decentralized finance (DeFi) protocols and play-to-earn games.

Their efforts filled their coffers with $400 million in stolen crypto funds in 2021, according to a report from Chainalysis. The regime has already topped that amount this year with the Ronin Bridge hack from which it extracted about $620 million in crypto in late March.

CISA does not expect the rate of thefts to decline any time soon; it stated that the groups are using spearphishing and malware to steal crypto. It added that:

“These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”

Kim Jong-un’s staunch refusal to dismantle his nuclear weapons program forced the United States to levy some of the harshest economic sanctions ever against his country. This has led him to turn to cryptocurrency to fund the nuclear weapons program since his cash flows through traditional means have been almost entirely sealed off.

While the alert goes into greater detail about exactly how these groups use malware such as AppleJeus to target blockchain and crypto firms, it also offers suggestions on how firms can mitigate the risk to themselves and to their users’ funds. Most of the recommendations are common-sense security procedures, such as using multi-factor authentication on private accounts, educating users on common social engineering threats, blocking email from newly registered domains, and deploying endpoint protection.


The laundry list of mitigation strategies firms should adopt to keep themselves secure consists entirely of sensible suggestions. However, CISA believes that education and awareness of the existing threat is one of the best strategies.

“A cybersecurity aware workforce is one of the best defenses against social engineering techniques like phishing,” it concluded.
