FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies
The U.S. Cybersecurity and Infrastructure Security Agency, along with the Federal Bureau of Investigation and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies.
Targeted organizations include cryptocurrency exchanges, decentralized finance protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens.
The attack chains commence with the threat actor reaching out to victims via different communication platforms to lure them into downloading weaponized cryptocurrency apps for Windows and macOS. The actor then leverages that access to propagate the malware across the network and conduct follow-on activities to steal private keys and initiate rogue blockchain transactions.
The TraderTraitor threat comprises a number of fake crypto apps that are based on open-source projects and claim to be cryptocurrency trading or price prediction software, only to deliver the Manuscrypt remote access trojan, a piece of malware previously tied to the group's hacking campaigns against the cryptocurrency and mobile games industries.
The disclosure comes less than a week after the Treasury Department attributed the cryptocurrency theft of Axie Infinity's Ronin Network to the Lazarus Group, sanctioning the wallet address used to receive the stolen funds.
"These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime."
News URL
https://thehackernews.com/2022/04/fbi-us-treasury-and-cisa-warns-of-north.html