A new alert by the FBI and the Treasury Department lifts the lid on some of the techniques used by the Lazarus Group.
North Korean groups are deliberately targeting crypto exchanges, DeFi protocols, play-to-earn games and high-net-worth individuals, the U.S. government has warned.
A new alert by the FBI and the Treasury Department has sought to lift the lid on some of the techniques used by the Lazarus Group — with companies urged to patch vulnerabilities, train employees on how to recognize phishing attempts, and use multi-factor authentication.
The statement warns that victims of social engineering attacks are often encouraged to download "trojanized" crypto applications that appear genuine. From here, attackers gain control of their computer, spread malware across their network, and steal private keys.
"These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime."
According to the alert, victims who work in system administration or software development are often sent messages that pretend to be from a recruitment company — offering high-paying roles. They're wooed into downloading a type of malicious app that the U.S. government calls "TraderTraitor" — and worryingly, they're often accompanied by bogus websites with convincing designs.
The warning comes days after the Treasury implicated the Lazarus Group in the attack on Ronin, the blockchain that powers Axie Infinity. ETH and USDC worth over $625 million was stolen — smashing records for the biggest crypto hack on record.
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
Top Tips for Protection
A plethora of recommendations has been made to help businesses prevent their infrastructure being targeted.
As well as using separate networks to limit how far an attack spreads, organizations are urged to have "a timely vulnerability and patch management program in place."
Businesses have also been warned that North Korean groups frequently target email addresses and social media accounts — meaning regular password changes are needed, as well as multi-factor authentication to add another layer of defense.
Other tips include educating employees on how social engineering attacks occur, and offering training on the warning signs of social engineering — and the dangers of opening links and attachments from senders who shouldn't be trusted.
