CISA Alert AA22-108A – TraderTraitor: North Korean state-sponsored APT targets blockchain companies.
This joint Cybersecurity Advisory highlights the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored APT group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. As of April 2022, North Korea’s Lazarus Group has targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency. These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.
AA22-108A Alert, Technical Details, and Mitigations
CISA North Korea Threat Information
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
HIDDEN COBRA – FASTCash Campaign
FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.