North Korea has been on the radar again for another threat attack, as FBI alerts on over $40-million worth of crypto transferred within a space of 24-hrs.
In our previous reports threat actors from North Korea, has been targeting various countries and their organization from the Norway government, to numerous ransomware attack reported, down to social engineering attack applying the phishing methods, and other numerous attacks we haven’t covered yet.
The US government in a recent news, reports that threat actors North Korea has been a threat to the cryptocurrency organization; and the need for cryptocurrency organization to lookout and enforce more security in the web3.0 space.
A list of numerous threat gang, has been linked to the Democratic People’s Republic of Korea, and found to be attacking the crypto-sector for years. The untraceability of cryptocurrency has made it a prime target in the digital space; and the assets stolen by these threat actors are immediately rerouted to the country’s military nuclear weapon programs, that assists in the Pyongyang’s power base.
Attacks from the North Korea has been on the surge as FBI reported on Tuesday 24th August 2023 that two of the Notorious group by the name TraderTraitor and Lazarus (A state aligned hacking groups in North-Korea) have stolen more than 1,580 Bitcoins said to worth over $40-million, in the last 24-hrs.
The said stolen funds was transferred to 6-different bitcoin crypto-wallets. The group has also been linked to a few attacks; theft of $100-million in virtual currency from atomic wallet, $60-million from Alphapo payment platform, and $37-million CoinsPaid in the month of June.
The FBI has issued a warning that they suspect the group might intend cashing out the bitcoin in a possible near future, and that companies should look out for suspicious transactions, and inform the law enforcement agency upon notice.
It is known that the TraderTraitor is one of the North Korea’s prominent hacking groups and has been on a high record for targeting cryptocurrency companies, and other vital sectors for financial gains. The threat group which also go by the name APT38 or BlueNoroff, was reported by the U.S authorities to be responsible for the $620-million Ethereum coin heist which occurred last year.
Other speculation includes the notorious group responsible for the 2016 Bank of Bangladesh hack, that the group made off with over $80-million worth of stolen funds.
The group is also responsible for the spear-phishing attack on venture capital firm in the United States and Japan.
CISA (Cybersecurity Infrastructure Security Agency) advisory, in the year 2022, BlueNoroff was found to have focused on the cryptocurrency space since at least 2020, usually beginning “with a large number of spear phishing messages sent to employees” that work in system administration, software development, and IT operations. The attacks adopted crafting these messages to look like recruitment offers with regards to high-paying Jobs.
The threat group is said to trick their victims into downloading a malware embedded cryptocurrency trading app. A multimillion-dollar bounty, has been placed by FBI as a reward to anyone who can suggest on how to disrupt the North-Korean hacking operations.
Government agencies has advised to combat these threats by using the basic block and tackling in cybersecurity: timely patching, and the enforcing of least privilege access policies, multifactor authentication, and adopting phishing attack training measures.
Other recommendations include the deployment of endpoint detection, and response on work-related devices, configuring email services to be more secure, and also domain protection policies, to check reputation checks, on suspicious domains and block newly registered domains. Also, the disabling of Macros in application like MicroSoft word should be implemented, and the monitoring of third-party application downloads by employees.
Please do let us know in the comment section what are your thoughts about this.