The US government has detailed how North Korean state-sponsored attackers have been hacking cryptocurrency firms using phishing, malware and exploits to steal funds and initiate fraudulent blockchain transactions.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) have issued a joint cybersecurity advisory warning businesses in the cryptocurrency sector to watch out for attacks from North Korean state-sponsored hackers.
Last week, the US Treasury Department linked the massive $600 million heist from the Ronin blockchain network to Lazarus hackers.
The new joint alert mostly concerns the work of Lazarus Group, also known as APT38, and follows multiple alerts since 2020 about the group’s crypto-stealing malware.
“As of April 2022, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency,” the alert from the FBI’s Internet Crime Complaint Center (IC3) states.
“These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”
The alert flags that Lazarus attacks often begin with spear-phishing messages aimed at employees of cryptocurrency firms, frequently those in system administration, software development, IT operations or DevOps roles, i.e. staff whose accounts carry privileged access to build, deployment and wallet infrastructure.
“The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to