Joint Cybersecurity Advisory – North Korean State-Sponsored APT Targets Blockchain Companies

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, and the U.S. Department of Treasury, have published a joint Cybersecurity Advisory on tactics, techniques, and procedures associated with a North Korean state-sponsored advanced persistent threat (APT) group as well as warning that the group is targeting blockchain companies. This North Korean APT group, commonly tracked as the Lazarus Group, uses spear phishing and social engineering to trick individuals into downloading trojanized cryptocurrency applications onto their operating system. These threat actors “then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps. These activities enable additional follow-on activities that initiate fraudulent blockchain transactions,” according to the advisory. The advisory includes further technical details regarding this APT group, including indicators of compromise and detailed TTPs, and lists recommended mitigations.

To report suspicious or criminal activity related to information found in advisory, contact your local FBI field office, or the FBI’s 24/7 Cyber Watch (CyWatch) at(855) 292-3937, or by e-mail at Cy*****@*bi.gov. If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at CI*************@******hs.gov. Read the full report at CISA.