Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
Cloud Penetration Testing
Secure your cloud with Hacken's expert penetration testing. Our certified team delivers tailored security solutions for AWS, Azure, Kubernetes, and more, ensuring your data's safety.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

Advanced Persistent Threat (APT)

Advanced Persistent Threat (APT)

2 minutes

What is Advanced Persistent Threat

An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which a team of intruders establishes an illicit, long-term presence on a network to mine sensitive data.

The biggest and the most notable example of this attack type is the Ronin validator hack.

Such attacks, in most cases, are performed by Nation states, well-funded criminal organizations, and other advanced organized groups.

There are a lot of talks and even confirmations that some advanced groups are actively targeting web3 projects.

The people behind the most concerning APTs usually live in places without extradition treaties with the U.S. and EU, making it harder for them to be prosecuted for their criminal activities. One of the most well-known APTs is Lazarus, widely linked to North Korea.

Malware Types

From the earlier investigations, it is known that Lazarus advanced persistent threat (APT) group targets cryptocurrency companies with trojanized Windows and macOS cryptocurrency applications.

The malicious apps steal private keys and exploit other security vulnerabilities to execute subsequent attacks and fraudulent transactions.

U.S. authorities linked Lazarus to Ronin’s $625 million hack.

Phishing Methods

Lazarus APT targets employees of blockchain companies, using fake job offers.

Lazarus APT uses various communication platforms to send phishing messages to employees of cryptocurrency companies. It targets all employees, but mostly system administrators, software developers, or IT operations (DevOps).

The messages often mimic a recruitment effort and offer high-paying jobs to push the recipients to download malware applications, which the U.S. government refers to as ‘TraderTraitor.

According to CISA, the Lazarus campaign distributes apps developed in JavaScript targeting the Node.js runtime environment using the cross-platform Electron framework. The apps are forked from various open-source cryptocurrency projects.

How to protect yourself

U.S. agencies published a comprehensive list of tactics, techniques, and procedures (TTPs) and indicators of compromise (IoC) related to Lazarus APT. Moreover, they advised blockchain companies to use various mitigations to minimize Lazarus APT’s threat to the cryptocurrency industry.

According to CISA, blockchain companies should implement security strategies, at least access models and defense-in-depth.