FBI, CISA Issue Joint Alert On Crypto-focused North Korean Cyberattacks

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department have issued a joint Cybersecurity Advisory to highlight the cyber threat associated with cryptocurrency thefts and tactics used by North Korea-based groups.

The advisory concerns a North Korean state-sponsored advanced persistent threat (APT) group that has been operating since at least 2020 and is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.

The advisory warns that the U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs).

The advisory warns that attackers use many communication platforms to persuade people to download trojanized cryptocurrency applications on Windows or macOS operating systems. The attackers then use the applications to gain access to the victim’s computer, spread malware across the victim’s networks, and steal private keys or exploit other security gaps. These activities enable follow-on activities that initiate fraudulent blockchain transactions.

The threats also include intrusions that begin with a large number of spearphishing messages sent on a variety of communication platforms to employees of cryptocurrency companies, often those working in system administration or software development/IT operations. The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications.

The advisory recommends a series of risk mitigation measures, including patching all systems, with priority given to known exploited vulnerabilities. It also recommends training users to recognize and report phishing attempts, and advises the use of multifactor authentication.

The advisory stresses that a cybersecurity-aware workforce is one of the best defenses against social engineering techniques like phishing.
