CISA And FBI Warn Blockchain Companies About Cyber Attacks From North Korea
JAKARTA - The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning, in response to the Ronin Bridge hack last month, about a cyber threat sponsored by the North Korean government that targets blockchain companies.
The warning was issued on Monday, April 18, jointly with the FBI and the US Treasury, and contains warnings and mitigation advice to help blockchain and crypto companies keep their own operations safe from hackers.
Lazarus isn't the only hacker group to be listed as an advanced persistent threat (APT). Listed alongside Lazarus are APT38, BlueNoroff, and Stardust Chollima.
These groups and others like them have been observed targeting what the advisory calls “various organizations in the blockchain technology and cryptocurrency industry,” such as exchanges, decentralized finance (DeFi) protocols, and games, in order to make money.
The #FBI, @CISAGov, and @USTreasury have issued a joint Cybersecurity Advisory warning about the #cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored group since at least 2020. https://t.co/e0A2QESbGQ pic.twitter.com/0kCcwZvfpP
— FBI (@FBI) April 18, 2022
According to a report from Chainalysis, their efforts filled their coffers with 400 million US dollars (Rp 5.7 trillion) in stolen crypto funds in 2021. The regime has reached that number this year with the Ronin Bridge hack, from which it extracted around 620 million US dollars (Rp 8.8 trillion) in crypto at the end of March.
CISA doesn't believe the theft rate will decline any time soon, as the group continues to use spearphishing and malware to steal crypto.
"These actors will likely continue to exploit the vulnerabilities of cryptocurrency technology companies, gaming companies, and exchanges to generate and launder funds to support the North Korean regime," CISA said.
Kim Jong Un's vehement refusal to dismantle his country's nuclear weapons program has forced the US to impose some of the toughest economic sanctions ever against the country. This has led North Korea to turn to cryptocurrencies to fund its nuclear weapons program, as its cash flows through traditional means are almost entirely shut down by the US.
Meanwhile, warnings about how these groups are using malware like AppleJeus to target blockchain and crypto companies keep popping up. The alert also offers advice on how users can reduce the risk to themselves and their users' funds.
Most of the recommendations are sound security procedures, such as using multi-factor authentication on personal accounts, educating users about social engineering threats, blocking emails from newly registered domains, and using endpoint protection.
The list of mitigation strategies that companies should adopt to keep themselves safe from harm consists of reasonable advice throughout. However, CISA believes that education and awareness of existing threats is one of the best strategies.
“A cybersecurity-aware workforce is one of the best defenses against social engineering techniques such as phishing,” said CISA.