FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies
The U.S. Cybersecurity and Infrastructure Security Agency, along with the Federal Bureau of Investigation and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies.
Targeted organizations include cryptocurrency exchanges, decentralized finance protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens.
The attack chains commence with the threat actor reaching out to victims via different communication platforms to lure them into downloading weaponized cryptocurrency apps for Windows and macOS, subsequently leveraging the access to propagate the malware across the network and conduct follow-on activities to steal private keys and initiate rogue blockchain transactions.
The TraderTraitor threat comprises a number of fake crypto apps that are based on open-source projects and claim to be cryptocurrency trading or price prediction software, only to deliver the Manuscrypt remote access trojan, a piece of malware previously tied to the group's hacking campaigns against the cryptocurrency and mobile games industries.
The disclosure comes less than a week after the Treasury Department attributed the cryptocurrency theft of Axie Infinity's Ronin Network to the Lazarus Group, sanctioning the wallet address used to receive the stolen funds.
"These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime."
News URL
https://thehackernews.com/2022/04/fbi-us-treasury-and-cisa-warns-of-north.html