Expand / Collapse search
Watch TV
Menu

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.

North Korea

FBI, Treasury, CISA issue warning about North Korean state-sponsored hackers

The agencies are warning of malicious cyber activity by North Korea

Brooke Singman By Brooke Singman Fox News
Published
close
Fox News Flash top headlines for April 18 Video

Fox News Flash top headlines for April 18

Fox News Flash top headlines are here. Check out what's clicking on Foxnews.com.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Treasury Department on Monday warned of "malicious" cyber threats from North Korean state-sponsored actors seeking to exploit "vulnerabilities cryptocurrency technology firms, gaming companies, and exchanges" in the United States in an effort to "generate and launder funds" to support the North Korean regime.

In a joint advisory Monday, the agencies sought to "highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat group since at least 2020."

US GOVERNMENT LINKS NORTH KOREA TO $620 MILLION CRYPTOCURRENCY HEIST

North Korean leader Kim Jong Un attends a ruling party congress in Pyongyang, North Korea, on Thursday. (AP/Korean Central News Agency/Korea News Service) (AP/Korean Central News Agency/Korea News Service)

The advisory states that the group is "commonly tracked" by the cybersecurity industry as "Lazarus Group, APT38, BlueNoroff, and Stardust Chollima."

"The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs)," the advisory states.

The agencies warned that the malicious cyber activity involves "social engineering of victims" using a "variety of communication platforms" to "encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems."

"The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps," the agencies warned.  "These activities enable additional follow-on activities that initiate fraudulent blockchain transactions."

Federal Bureau of Investigation (FBI) Director Christopher Wray testifies before the House Judiciary Committee oversight hearing on the Federal Bureau of Investigation on Capitol Hill, Thursday, June 10, 2021, in Washington. (AP Photo/Manuel Balce Ceneta)

According to the government, as of April 2022, North Korea’s Lazarus Group actors have "targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency."

MICROSOFT: RUSSIA BEHIND 58% OF DETECTED STATE-BACKED HACKS

"These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime," the agencies warned.

The advisory comes after the United States, last month, linked the Lazarus Group to a cryptocurrency heist of more than $620 million earlier this year.

FILE PHOTO: Treasury Secretary Janet Yellen attends the House Financial Services Committee hearing in Washington, U.S., September 30, 2021. Al Drago/Pool via REUTERS/File Photo

FILE PHOTO: Treasury Secretary Janet Yellen attends the House Financial Services Committee hearing in Washington, U.S., September 30, 2021. Al Drago/Pool via REUTERS/File Photo (Al Drago/Pool via REUTERS/File Photo)

The Treasury Department added the notorious Lazarus Group to its sanctions list last month and identified a series of prohibited transactions it was tied to. 

"Identification of the wallet will make clear to other [virtual crime] actors, that by transacting with it, they risk exposure to U.S. sanctions," the Treasury Department said in a statement to Fox News Digital. "This demonstrates Treasury’s commitment to use all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds."

CLICK HERE TO GET THE FOX NEWS APP

This is not the first time the Lazarus Group is believed to have been involved in a major breach—the group was sanctioned by the Treasury Department in 2019 for its alleged involvement in the 2014 Sony Pictures hack, and claimed it was under the control of North Korea’s primary intelligence agency, the Reconnaissance General Bureau (RGB).

Meanwhile, a 2019 United Nations report found that North Korea had stolen a whopping $2 billion for its weapons of mass destruction programs by relying on "widespread and increasingly sophisticated" cyberattack schemes.

Fox News' Gillian Turner and Caitlin McFall contributed to this report. 

Brooke Singman is a political correspondent and reporter for Fox News Digital, Fox News Channel and FOX Business.

More from Politics