SEOUL, April 19 (UPI) — A trio of U.S. agencies have issued a joint advisory to warn of escalating North Korean cyberattacks on cryptocurrency and blockchain platforms.
The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the U.S. Treasury Department issued the alert Monday in the wake of a stunning $620 million crypto heist by the Pyongyang-connected Lazarus Group.
The advisory is meant to “highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.”
“The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry,” the agencies said.
Targets include cryptocurrency exchanges and individuals with large holdings of cryptocurrency or non-fungible tokens, known as NFTs.
The hackers send counterfeit messages — a tactic known as spear phishing — in order to steal data or install malware on a victim’s system.
“The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications,” the alert said.
The agencies dubbed this group of apps “TraderTraitor” and outlined techniques to identify and avoid the attacks.
They also warned that play-to-earn videogames remained targets.
Last week, the FBI announced that North Korea’s Lazarus Group of hackers was behind the $620 million heist of digital currency Ethereum from the blockchain network used by players of the popular game Axie Infinity.
That attack was the largest cryptocurrency theft in history, according to cybersecurity website Comparitech.
“These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime,” the advisory said.
North Korea remains under punishing international sanctions over its nuclear weapons and ballistic missile programs.
The secretive regime’s cybercriminals extracted nearly $400 million in digital assets in 2021, according to a report by blockchain researcher Chainalysis.