The FBI, the U.S. Treasury Department, and Cybersecurity and Infrastructure Security Agency (CISA) have co-released a cybersecurity advisory on North Korean state-sponsored efforts targeting the blockchain and cryptocurrency industry.
“The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry,” the report reads.
The report specifically cites several target areas of the industry, including exchanges, decentralized finance (DeFi) protocols, venture capital funds, and individual holders of large amounts of crypto-related assets such as tokens or non-fungible tokens (NFTs).
The alert also includes several mitigation strategies designed to stimy the activity led by these cyber actors.
Lazarus Group targets crypto
In the report, the U.S. government identifies a group of state-sponsored actors using tactics similar to Lazarus Group, a previously identified and infamous North Korean hacker organization.
These tactics include uploading malware software on victims’ applications to facilitate the theft of crypto holdings.
“As of April 2022, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearfishing campaigns and malware to steal cryptocurrency,” the report reads.
The advisory also references a strategy dubbed “TraderTraitor,” where intrusions begin with specific spearphishing messages sent to employees in crypto companies, often those working in IT or software…