An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which a team of intruders establishes an illicit, long-term presence on a network to mine sensitive data.
The biggest and the most notable example of this attack type is the Ronin validator hack.
Such attacks, in most cases, are performed by Nation states, well-funded criminal organizations, and other advanced organized groups.
There are a lot of talks and even confirmations that some advanced groups are actively targeting web3 projects.
The people behind the most concerning APTs usually live in places without extradition treaties with the U.S. and EU, making it harder for them to be prosecuted for their criminal activities. One of the most well-known APTs is Lazarus, widely linked to North Korea.
From the earlier investigations, it is known that Lazarus advanced persistent threat (APT) group targets cryptocurrency companies with trojanized Windows and macOS cryptocurrency applications.
The malicious apps steal private keys and exploit other security vulnerabilities to execute subsequent attacks and fraudulent transactions.
U.S. authorities linked Lazarus to Ronin’s $625 million hack.
Lazarus APT targets employees of blockchain companies, using fake job offers.
Lazarus APT uses various communication platforms to send phishing messages to employees of cryptocurrency companies. It targets all employees, but mostly system administrators, software developers, or IT operations (DevOps).
The messages often mimic a recruitment effort and offer high-paying jobs to push the recipients to download malware applications, which the U.S. government refers to as ‘TraderTraitor.
According to CISA, the Lazarus campaign distributes apps developed in JavaScript targeting the Node.js runtime environment using the cross-platform Electron framework. The apps are forked from various open-source cryptocurrency projects.
U.S. agencies published a comprehensive list of tactics, techniques, and procedures (TTPs) and indicators of compromise (IoC) related to Lazarus APT. Moreover, they advised blockchain companies to use various mitigations to minimize Lazarus APT’s threat to the cryptocurrency industry.
According to CISA, blockchain companies should implement security strategies, at least access models and defense-in-depth.
Be the first to receive our latest company updates, Web3 security insights, and exclusive content curated for the blockchain enthusiasts.
Table of contents
Tell us about your project
14 min read
Discover
28 min read
Discover