The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued an alert on North Korean state-sponsored cyber threats targeting blockchain companies in response to last month’s Ronin Bridge hack.
The alert was issued on April 18 in conjunction with the Federal Bureau of Investigation and the Treasury Department, and contains warnings and mitigation suggestions for blockchain and cryptocurrency companies to keep their own operations safe from hackers.
With the @FBI and @USTreasury, we released a new cybersecurity advisory on North Korean state-sponsored activity targeting blockchain technology and the cryptocurrency industry. Read the technical guidance and mitigation strategies: https://t.co/Oio478Ouv3 pic.twitter.com/VLa3HUrsPY
—Cybersecurity and Infrastructure Security Agency (@CISAgov) April 18, 2022
Lazarus is not the only hacker group listed by name as an advanced persistent threat (APT). Alongside Lazarus are APT38, BlueNoroff and Stardust Chollima. These groups and others like them have been observed attacking what the bulletin called “a variety of organizations in the cryptocurrency and blockchain technology industry,” such as exchanges, decentralized finance (DeFi) protocols, and play-to-earn (P2E) games.
Their efforts filled their coffers with $400 million in crypto funds stolen in 2021, according to a report by Chainalysis. The regime has already surpassed that amount this year with the Ronin Bridge hack, which netted some $620 million in cryptocurrency in late March.
CISA does not believe that the theft rate will decrease any time soon, as it stated that groups are using spearphishing and malware to steal cryptocurrencies. It added that:
“These actors are likely to continue to exploit vulnerabilities in technology companies, gaming companies, and crypto exchanges to generate and launder funds to support the North Korean regime.”
Kim Jong-un’s steadfast refusal to dismantle his nuclear weapons program forced the United States to impose some of the toughest economic sanctions ever levied on his country. This has led him to turn to cryptocurrencies to fund the nuclear weapons program, as his cash flows through traditional means have been almost totally shut down.
Although the alert goes into greater detail on how exactly these groups use malware such as AppleJeus to attack blockchain and cryptocurrency companies, it also offers suggestions on how organizations can mitigate risk to themselves and their users’ funds. Most of the recommendations are common-sense security practices, such as using multi-factor authentication on private accounts, educating users about common social engineering threats, blocking emails from newly registered domains, and deploying endpoint protection.
The list of mitigation strategies that companies should adopt to protect themselves consists entirely of sensible suggestions, but CISA believes that education and awareness of the existing threat is one of the best strategies.
“A cybersecurity-aware workforce is one of the best defenses against social engineering techniques like phishing,” it concludes.