US government agencies have issued a joint warning about the tactics used by Lazarus Group, a North Korean state-sponsored cybercrime organization, to steal cryptocurrency.
According to a CISA (Cybersecurity and Infrastructure Security Agency) post, the other names for the group include APT38, BlueNoroff and Stardust Chollima. This was corroborated by the FBI and the U.S. Treasury Department.
The warning comes after the latter linked Lazarus to a $625 million theft of cryptocurrency from the Ronin bridge connected to Axie Infinity, the popular play-to-earn game.
Targeting a ‘wide range’ of crypto companies
The US government further adds North Korean cyber actors are targeting a wide range of crypto and blockchain companies, including “cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs).”
The criminals socially engineer victims through a variety of communication platforms to get them to download trojanized cryptocurrency applications on Windows or macOS systems. The attackers then use these applications to gain access to the victim’s computer, spread malware through their network environment, exploit security vulnerabilities, and steal private keys.
These footholds enable follow-on activity, including initiating fraudulent blockchain transactions.
The US government published a guide in the past on North Korean state-sponsored cybercriminals stealing crypto by using AppleJeus malware. They have also published guides about North Korean state-sponsored cyber actors stealing money from banks using custom malware:
Patch systems, train users to recognize phishing
The US government agencies advised individuals and companies to reduce their exposure to social engineering by prioritizing patches for known vulnerabilities, using multifactor authentication, and training users to recognize phishing attempts.
The biggest hack in history
As Bankless Times reported on April 12, gaming-focused Ronin Network announced a loss equivalent to more than $625 million in ether and USDC. The attack impacted Ronin Network validator nodes for Sky Mavis, the publishers of Axie Infinity, as well as the Axie DAO. The hacker tapped into private keys to make fake withdrawals in two transactions from the Ronin bridge.
Gas-free RPC node exploited
The hacker gained access via the RPC node, which they exploited to obtain a signature for the Axie DAO validator. Normally, a withdrawal from the Ronin sidechain requires signatures from five of its nine validators, a threshold intended to provide strong security.
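To make the five-of-nine threshold concrete, here is an added toy model of how a bridge can gate withdrawals on validator signatures. It is example code written for this article, not Sky Mavis or Ronin code, and it simplifies heavily: validator names, the HMAC "signatures" (a stand-in for real on-chain signatures), the withdrawal fields and the balance figures are all constructed. Alongside the threshold check it includes a defensive drain-rate alert, the kind of monitor that would flag two transactions removing most of a bridge's funds.

```python
"""Toy k-of-n validator threshold for bridge withdrawals (constructed example).

Each validator 'signs' the canonical bytes of a withdrawal with an HMAC key
(a stand-in for the ECDSA/BLS signatures a real bridge uses). The bridge
releases funds only when at least THRESHOLD *distinct* validators produced a
valid signature over the exact withdrawal that is being executed. A separate
monitor flags withdrawals that would drain a large share of the bridge.
"""
import hashlib
import hmac
import json
from typing import Dict, Iterable, Set, Tuple

# Nine validators, five required: the same shape as the Ronin sidechain
# described in the article. Keys are derived deterministically so the
# example runs offline; a real system would never derive keys this way.
VALIDATORS: Dict[str, bytes] = {
    f"validator-{i}": hashlib.sha256(f"constructed-secret-{i}".encode()).digest()
    for i in range(9)
}
THRESHOLD = 5


def canonical(withdrawal: dict) -> bytes:
    """Deterministic encoding so every validator signs identical bytes."""
    return json.dumps(withdrawal, sort_keys=True, separators=(",", ":")).encode()


def sign(validator: str, withdrawal: dict) -> Tuple[str, str]:
    """Produce (validator, signature) for a withdrawal; HMAC stands in for a real signature."""
    key = VALIDATORS[validator]
    return validator, hmac.new(key, canonical(withdrawal), hashlib.sha256).hexdigest()


def verify_signature(validator: str, signature: str, withdrawal: dict) -> bool:
    """Reject unknown validators and any signature that does not match this exact withdrawal."""
    key = VALIDATORS.get(validator)
    if key is None:
        return False
    expected = hmac.new(key, canonical(withdrawal), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def valid_signers(withdrawal: dict, signatures: Iterable[Tuple[str, str]]) -> Set[str]:
    """Return the set of distinct validators whose signatures verify.

    Using a set means five copies of one validator's signature still count
    as a single signer, so the threshold cannot be met by repetition.
    """
    signers: Set[str] = set()
    for validator, signature in signatures:
        if verify_signature(validator, signature, withdrawal):
            signers.add(validator)
    return signers


def authorize_withdrawal(withdrawal: dict, signatures: Iterable[Tuple[str, str]]) -> bool:
    """True only when at least THRESHOLD distinct validators signed this withdrawal."""
    return len(valid_signers(withdrawal, signatures)) >= THRESHOLD


def drain_alert(withdrawal: dict, bridge_balance: float, max_fraction: float = 0.10) -> bool:
    """Defensive monitor: flag a single withdrawal above a fraction of the bridge balance.

    A valid threshold of signatures says nothing about whether the amount is
    sane; a monitor like this would have paged on a transaction removing most
    of a bridge's funds, regardless of how the signatures were obtained.
    """
    return withdrawal["amount"] > max_fraction * bridge_balance


if __name__ == "__main__":
    # Constructed withdrawal; recipient is a placeholder, amount is illustrative.
    w = {"asset": "ETH", "amount": 173_600, "nonce": 1, "to": "0xRECIPIENT_PLACEHOLDER"}
    four = [sign(f"validator-{i}", w) for i in range(4)]
    five = four + [sign("validator-4", w)]
    print("4 signers authorized:", authorize_withdrawal(w, four))   # False
    print("5 signers authorized:", authorize_withdrawal(w, five))   # True
    print("drain alert:", drain_alert(w, bridge_balance=200_000))   # True
```

The two properties worth taking away: the signer count is over distinct validators of the exact withdrawal bytes, so altering the amount after signing or replaying one validator's signature five times fails; and the threshold check is necessary but not sufficient, so an independent amount or rate monitor is the second control that would notice a bridge being emptied.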