Days after indicting North Korean state-backed hacking group Lazarus Group in the $615 million hack against Ronin Network, the US Government has issued a warning that Lazarus Group is going after blockchain companies using trojanized cryptocurrency applications.
The warning came in a joint advisory issued on Monday. The US Treasury, the FBI, and CISA said they had observed the North Korean hackers targeting a range of companies in the blockchain and cryptocurrency industries. Their targets include crypto exchanges, trading companies, and even venture capital firms associated with cryptocurrency and blockchain companies. Play-to-earn video gaming platforms and individuals known to hold large amounts of digital currencies and NFTs are also on the list.
Last week, the US Treasury Department’s Office of Foreign Assets Control issued new sanctions against an Ethereum wallet owned by Lazarus Group. This wallet, according to investigators, contained funds stolen from Ronin Network last month. Ronin Network is the Ethereum-based sidechain backing the play-to-earn game Axie Infinity. The North Korean hackers were said to have exploited a vulnerability in Ronin Network and made off with over $600 million worth of digital currencies.
The warning says that Lazarus Group is targeting employees of the aforementioned companies using social engineering tactics across various platforms. The US Government warns that attacks could come in the form of “spear phishing” emails, and could arrive as a high-paying job offer that entices the recipient to download the trojanized cryptocurrency applications. The US Government calls this “TraderTraitor”.
The US Government has therefore warned companies in the cryptocurrency and blockchain industries to be careful so that they do not end up as the next victims of these hackers.
The US Treasury, the FBI, and CISA said that “North Korean state-sponsored cyber actors use a full array of tactics and techniques to exploit computer networks of interest, acquire sensitive cryptocurrency-intellectual property, and gain financial assets. These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”