CISA Cybersecurity Alerts 4.18.22
Ep 11 | 4.18.22

CISA Alert AA22-108A – TraderTraitor: North Korean state-sponsored APT targets blockchain companies.

Show Notes

This joint Cybersecurity Advisory highlights the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored APT group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. As of April 2022, North Korea’s Lazarus Group has targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal crypto. These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime. 

AA22-108A Alert, Technical Details, and Mitigations

CISA North Korea Threat Information

AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

HIDDEN COBRA – FASTCash Campaign

FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.