A trio of federal agencies issued a joint advisory on Monday about the growing risk of cyber threats to cryptocurrency from a North Korean group.
The FBI, Cybersecurity and Infrastructure Security Agency and Treasury Department have exposed tactics used by a North Korean state-sponsored Advanced Persistent Threat (APT) group.
The agencies said the APT group targets various organizations in the cryptocurrency industry, such as play-to-earn crypto video games, crypto trading firms, and individual holders of valuable non-fungible tokens, often called NFTs.
The cyber actors used a variety of communication platforms to target victims, encouraging them to download trojanized cryptocurrency apps onto their devices, the agencies said. The group used the fake apps to gain access to the user’s network, steal private keys or exploit other security holes, according to the notice.
“This advisory provides information on Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) to blockchain technology and cryptocurrency industry stakeholders to help them identify and mitigate cyber threats against cryptocurrency,” the agencies said in a statement.
The latest notice comes as the FBI says North Korean hackers are responsible for stealing up to $620 million in cryptocurrency last month from Axie Infinity, a virtual video game that uses NFTs.
“The FBI continues to combat malicious cyber activity, including the threat posed by the Democratic People’s Republic of Korea to the United States and our private sector partners,” the FBI said in a statement Thursday. “Through our investigation, we were able to confirm that Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million from Ethereum reported on March 29.”
The Treasury Department has also sanctioned the Lazarus Group as an investigation into the reported crime is ongoing.