US Warns About North Korean Cyberattack Groups
Published: April 20, 2022
The US has issued a warning about the cyber threats originating from North Korea. US authorities blame North Korean state-sponsored groups for the attacks in their cybersecurity advisory.
The US Treasury and the Federal Bureau of Investigation (FBI) joined the US Cybersecurity and Infrastructure Security Agency (CISA) in issuing the said statement. They said that the government “has observed North Korean Cyber actors targeting organizations.”
The organizations being targeted are part of the cryptocurrency industry and blockchain technology.
In the advisory, groups like Lazarus, APT38, Stardust Chollima, and BlueNoroff are defined as “APTs,” which stands for “Advanced Persistent Threat.” They added that the groups use applications to access the victim’s computer and steal private information.
In the report, the government added that they exploit security gaps when accessing a victim’s computer.
These organizations target everything from crypto exchanges, play-to-earn crypto video games, and decentralized finance protocols to trading companies and venture capital funds.
The government is advising businesses, including cybersecurity companies in these industries, to implement mitigations to protect their interests.
Some of these mitigations are multi-factor authentication for users, enforcing credential requirements, and educating users on social engineering. CISA adds that companies should be ready with an “incident response plan.”
Previously, the US government blamed the North Korean hacking group Lazarus for an attack on the Ronin Network of Axie Infinity Games. After the hack, developer Sky Mavis was drained of $625 million.
In March 2021, LiFi, a blockchain protocol, lost around $600,000 in a breach. Beanstalk Farms was targeted more recently, and hackers stole $182 million. All in all, cybercriminals took over $1.3 billion from the blockchain industry last year.