
North Korean Cyberattacks Against Crypto Targets Have Prompted the FBI and CISA to Issue an Alarm

In reaction to the Ronin Bridge incident last month, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a notice on North Korean state-sponsored cyber threats targeting blockchain enterprises.

The advisory was released on Monday in collaboration with the FBI and the Treasury Department, and it included warnings and mitigation measures for blockchain and crypto companies to keep their operations safe from hackers.

Lazarus isn’t the only hacker collective that has been designated as an advanced persistent threat (APT). APT38, BlueNoroff, and Stardust Chollima are among the Lazarus members. These and other similar groups have been seen targeting “a variety of organizations in the blockchain technology and cryptocurrency industry,” such as exchanges, decentralized finance (DeFi) protocols, and play-to-earn games, according to the alert.

According to research by Chainalysis, their activities resulted in $400 million in stolen crypto assets in 2021. The regime has already surpassed that figure this year, with the Ronin Bridge attack in late March yielding around $620 million in cryptocurrency.

According to CISA, gangs are using spearphishing and malware to steal crypto, so the number of thefts is unlikely to slow down anytime soon. It went on to say:

“These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”

Because of Kim Jong-un’s unwillingness to give up his nuclear weapons program, the US has imposed some of the most severe economic sanctions ever against his country. As a result, he has turned to cryptocurrencies to fund his nuclear weapons program, as his usual funding flows have been almost cut off.

While the alert goes into greater depth about how these groups use malware like AppleJeus to target blockchain and crypto firms, it also includes recommendations for how users can protect themselves and their users’ funds. The majority of the recommendations are common-sense security practices, such as multi-factor authentication on private accounts, user education on common social engineering vulnerabilities, blocking emails from newly registered domains, and endpoint protection.
