Security News > 2022 > April > US warns North Korean Lazarus gang rising against cryptocurrency outfits

Lazarus - also known as APT38, BlueNoroff, and Stardust Chollima - is casting a wide net with this campaign, with targets including cryptocurrency exchanges, decentralized finance protocols, pay-to-earn cryptocurrency video games, and crypto-coin trading companies.

The TraderTraitor apps come with a range of names, such as DAFOM, which purports to be a cryptocurrency portfolio app; TokenAIS and CryptAIS, for building AI-based trading portfolios for cryptocurrencies; and Esilet, for live cryptocurrency prices.

Lazarus has been targeting the cryptocurrency market since at least 2020, and last year US government agencies issued an alert about Lazarus' AppleJeus malware, which has been used to steal cryptocurrency from organizations around the globe.

In the latest alert, the US agencies wrote that given its history, Lazarus "Will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime. North Korean state-sponsored cyber actors use a full array of tactics and techniques to exploit computer networks of interest, acquire sensitive cryptocurrency-intellectual property, and gain financial assets."

The digital asset space has become a tempting target not only for Lazarus but many other cybercriminals because of the relative newness of it and the rapid growth of users of cryptocurrency and NFTs. "Since cryptocurrency is a rather new technology, it presents an opportunity for threat actors to socially engineer targets," Hank Schless, senior manager of security solutions at Lookout, told The Register.

For North Korea, targeting cryptocurrency and similar assets will continue, John Bambenek, principal threat hunter at Netenrich, told The Register.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/20/lazarus-targets-digital-assets/