The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have issued an alert on North Korean state-sponsored cyber threats that target blockchain companies in response to the Ronin Bridge hack last month.
The alert was issued on April 18 in conjunction with the Federal Bureau of Investigation and the Treasury Department. It included warnings and mitigation suggestions for blockchain and crypto firms to keep their own operations safe from hackers.
With the @FBI, and @USTreasury, we released a new cybersecurity advisory on North Korean state-sponsored activity targeting blockchain technology and the cryptocurrency industry. Read the technical guidance and mitigation strategies: https://t.co/Oio478Ouv3
Lazarus is not the only hacker group listed by name as an advanced persistent threat (APT). Listed alongside Lazarus are APT38, BlueNoroff, and Stardust Chollima. These groups and others like them have been observed targeting what the bulletin called “a variety of organizations in the blockchain technology and cryptocurrency industry,” such as exchanges, decentralized finance (DeFi) protocols, and play-to-earn games.
Their efforts filled their coffers with $400 million in stolen crypto funds in 2021, according to a report from Chainalysis. The regime has already topped that amount this year with the Ronin Bridge hack, from which it extracted about $620 million in crypto in late March.
CISA does not believe the rate of thefts will see a downturn any time soon, as it stated that groups are using spearphishing and malware to steal crypto. It added that:
Kim Jong Eun’s staunch refusal to dismantle his nuclear weapons program forced the U.S. to levy some of the harshest economic sanctions ever