In reaction to the Ronin Bridge incident last month, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued an advisory on North Korea’s state-sponsored cyber threats targeting blockchain enterprises.
The advisory was published on April 18 in collaboration with the Federal Bureau of Investigation and the Treasury Department, and it included cautions and mitigation measures for blockchain and crypto companies to keep their operations safe from hackers.
The cybersecurity industry refers to the outfits as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.
According to research from Chainalysis, the groups had amassed $400 million in stolen cryptocurrency by 2021. The regime has already surpassed that figure this year, with the Ronin Bridge attack in late March yielding around $620 million in cryptocurrency.
According to the statement, these groups will most likely continue to target vulnerabilities in blockchain technology firms, gaming companies, DeFi, and exchanges to generate and launder money to support the North Korean regime.
How has North Korea exploited blockchain protocols?
North Korean leader Kim Jong Un’s adamant refusal to give up his nuclear weapons program prompted the United States to impose some of the most severe economic sanctions ever imposed on his country. As a result, he has turned to cryptocurrencies to fund his nuclear weapons program, as his usual funding flows have been almost cut off.
According to the US government, North Korea’s cyber actors have been observed targeting a variety of blockchain technology and cryptocurrency companies, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs).
The behavior detailed in this alert includes social engineering of victims through a number of communication platforms in order to persuade them to download trojanized cryptocurrency programs for Windows or macOS. The cybercriminals then use the programs to get access to the victim’s computer, spread malware throughout the victim’s network, steal private keys, and exploit other security flaws.
The advisory gives a comprehensive list of countermeasures that businesses should use to keep themselves safe from harm; however, CISA feels that one of the best strategies is education and awareness of the hazard.
The statement concludes: “A cybersecurity aware workforce is one of the best defenses against social engineering techniques like phishing.”