US Agencies Advises Against North Korea’s Lazarus Hacking Group

On Monday, US State Agencies released an advisory warning against North Korea’s Lazarus Hacking group as attacks targeting the cryptocurrency and blockchain industries continue to rise.

The advisory was jointly released by The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury).

With the @FBI, and @USTreasury, we released a new cybersecurity advisory on North Korean state-sponsored activity targeting blockchain technology and the cryptocurrency industry. Read the technical guidance and mitigation strategies: https://t.co/Oio478Ouv3 pic.twitter.com/VLa3HUrsPY
— Cybersecurity and Infrastructure Security Agency (@CISAgov) April 18, 2022

The agencies said that the other names for the group includes APT38, BlueNoroff and Stardust Chollima.

The advisory reports that the Lazarus Group used AppleJeus and other trojanized cryptocurrency applications to target individuals and crypto companies. They are targeted through the dissemination of cryptocurrency trading apps that were in turn modified to include malware that enables crypto theft.

Uptil now, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and crypto space using spear phishing drives and malware to steal cryptocurrency.

The report further added, “The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications, which the U.S. government refers to as TraderTraitor”.

The targeted entities include cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, venture capital funds investing in cryptocurrency, and individual holders of cryptocurrency or valuable non-fungible tokens (NFTs).

The advisory comes after the Treasury Department had blamed Lazarus for a $625 million cryptocurrency theft from the Ronin bridge linked to popular play-to-earn game Axie Infinity.

The agencies advised companies and individuals to secure against hacker’s social engineering attempts by patching all systems, prioritizing patching known exploited vulnerabilities, and educating users to recognize and report phishing attempts.

They have also advised multifactor authentication, endpoint protection, enforce application security and creating an incident response plan to respond to possible cyber intrusions.

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!