North Korean hackers targeting blockchain companies
The U.S. government has warned that North Korean state-backed hackers known as the Lazarus Group are targeting organizations in the blockchain industry using trojanized cryptocurrency applications.
In a joint advisory issued on Monday, the FBI, CISA, and the U.S. Treasury said they had observed the North Korean-backed threat actors targeting a variety of organizations in the blockchain and cryptocurrency industries, including crypto exchanges, cryptocurrency trading companies, venture capital funds that have invested in cryptocurrency, individuals known to hold large amounts of cryptocurrency or valuable non-fungible tokens (NFTs), and play-to-earn video games.
The warning comes just days after U.S. officials linked Lazarus to the recent theft of $625 million in cryptocurrency from Ronin, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity, after exploiting a vulnerability in the network.
The North Korean-backed hackers are targeting employees of cryptocurrency companies using social engineering tactics across a variety of communication platforms. The advisory warns that the attackers would send highly targeted spoofed emails — known as “spearphishing” — that would include a high-paying job offer to try to entice the victim to download the trojanized cryptocurrency applications, an operation which the U.S. government refers to as “TraderTraitor.” This appears to be a continuation of the so-called “Dream Job” campaign that was first observed in 2020 and saw the hackers target workers in the defense, aerospace, and chemical sectors.
These malicious apps propagate malware across the victim’s network environment and steal private keys or exploit other security gaps, which allows the hackers to carry out follow-on activities such as making fraudulent blockchain transactions. The U.S. agencies highlight a number of malicious TraderTraitor apps used in these campaigns, including Dafom, CryptAIS, AlticGO, Esilet, and CreAI Deck, all of which purport to offer services such as portfolio building and real-time cryptocurrency price predictions.