Recent reports revealed that the North Korean government backs the Lazarus advanced persistent threat (APT) group in targeting companies and investors that use cryptocurrency and blockchain, luring them with malware-laced cryptocurrency applications.
Several law enforcement agencies, including the FBI, CISA, and the US Treasury Department, have issued a joint warning alerting cryptocurrency and blockchain firms to an ongoing phishing campaign launched by the notorious APT group, Lazarus.
The malware campaign’s main targets include cryptocurrency platforms, trading and blockchain firms, and investors.
According to reports, the government of North Korea has been supporting Lazarus APT in the new campaign, which involves gaining access to the targets’ systems to carry out fraudulent trades, steal sensitive data, assets, and valuable keys, and deploy additional malware.
There have been cases of North Korean threat actors allegedly stealing over a billion in cryptocurrency funds, which experts believe is being held for long-term investment.
The new active campaign involves the attackers sending large volumes of phishing emails to targeted recipients, such as firms and their employees. The emails contain job-opportunity lures; if the victim clicks the enclosed link, they are directed to cryptocurrency trading apps and price-estimation tools available for macOS and Windows devices.
These applications and tools are trojanized with malware known as TraderTraitor, which lets the attackers execute commands and deploy further malware on the compromised device in order to access the victim’s systems and the company network.
Furthermore, the agencies disclosed that the TraderTraitor-trojanized apps include Esilet, TokenAIS, and CryptAIS.
Lazarus APT has used a range of attack techniques in this new campaign, including spear-phishing, social engineering, and pressuring victims into installing malware-laced applications that steal data and install a remote access trojan.
The law enforcement agencies and security experts stress that the Lazarus gang is among the most notorious APT groups, capable of executing high-profile cyberattack campaigns and backed by the North Korean government’s Reconnaissance General Bureau (RGB).