US government warns on North Korean crypto hackers
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a noteworthy warning yesterday. It claims that North Korean hacking groups employ various strategies to acquire cryptocurrencies.
This warning comes from the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department.
These hacking groups are known to send emails that appear to be from legitimate exchange or wallet services.
These emails often include attachments or links that, when clicked, will infect the victim’s computer with malware. This malware can be used to steal sensitive information or even launch attacks on other systems.
Most of these methods center around social engineering. For example, one group will send emails that appear to be from a legitimate exchange or wallet service.
These emails often include attachments or links that, if clicked, will install malware on the victim’s device. This malware can give the hackers access to the victim’s accounts and private keys.
The warning appears to be significant, since it comes from three important US government departments.
The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department collaborated to issue this advice. They call it a cybersecurity alert.
The target group
According to several reports, the North Korean crypto hackers have mostly targeted US citizens and businesses, especially crypto exchanges.
But it’s possible that they could target anyone in the world. Because the hackers focus on crypto firms, users can be affected indirectly.
The notice emphasizes that significant investors should be aware, but the main emphasis is on cryptocurrency exchanges, decentralized finance protocols, play-to-earn games, venture capital outfits, and trading firms.
This is not the first time North Korean crypto hackers have done such a thing.
US-CERT previously warned about North Korean cyber activity in August 2017, and the US Treasury Department sanctioned North Korean hacking groups in September 2018.
North Korea has been targeting cryptocurrency exchanges for a long time. The country stole $500 million in 2018, and another $2 billion in 2019.
These are significant amounts of money to go missing. Not long ago, North Korea used stolen crypto to finance weapons programs.
An anti-trader effort called the TraderTraitor campaigns
According to the alert, hacking collectives have been attempting to steal crypto from various firms using a variety of approaches. Phishing campaigns and social engineering are two of these methods. So, what exactly did these criminals do?
The cybercriminals employ several means to distribute the malware, including messaging.
“The messages frequently mimic a recruitment effort and promise high-paying work to entice recipients into downloading malware-infected cryptocurrency programs known as ‘TraderTraitor,’ which is sponsored by the United States government,” it reads.
Once downloaded and installed, the software gives attackers remote access to the user’s machine. From there, they can install more malicious software or simply steal information.
“TraderTraitor is a term for describing a variety of malicious software. The fake applications derive from several open-source projects, claiming to be cryptocurrency trading or price prediction tools.
The anti-trader effort campaigns include websites with a contemporary appearance that tout the apps’ capabilities.”
What you can do
Therefore, if you run a crypto firm, the US government recommends taking steps to protect your user data, like using two-factor authentication and strong passwords. You should also be on the lookout for unusual activity, like large withdrawals or strange account behavior.
If you’re a US citizen, you can report any suspicious activity to the FBI’s Internet Crime Complaint Center.