LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users

The Lazarus APT group is backed by the North Korean government and is currently targeting organizations and unsuspecting users in the cryptocurrency and blockchain industry with trojanized crypto applications.

The Federal Bureau of Investigation (FBI), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department jointly released an advisory to warn cryptocurrency and blockchain organizations about a notorious phishing campaign by the Lazarus APT hacking group.

The hackers' key targets are cryptocurrency exchanges, investors, trading firms, and blockchain organizations. North Korea reportedly sponsors this currently active campaign, which aims to gain access to systems in order to facilitate fake trades, steal funds, data, and valuable keys, and install malware.

It is worth noting that in the last couple of years, North Korean hackers have been accused of stealing over $1.7 billion worth of funds from different cryptocurrencies. Experts believe North Korean hackers are keeping the stolen funds as a long-term investment.

Campaign Details

The attack begins with hackers sending a large number of phishing emails to employees of the targeted company. The employees are lured with offers of better job opportunities, a tactic frequently used by the Lazarus APT. The recipients are urged to click on applications that appear to

Read More: https://www.hackread.com/lazarus-apt-tradertraitor-malware-blockchain-cisa/