The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and the Treasury Department have issued a joint cybersecurity advisory about North Korean malicious activity known as “AppleJeus.”
The advisory explains that the Lazarus Group, which CISA and the FBI attribute to North Korean state-sponsored advanced persistent threat (APT) actors, has used the AppleJeus malware, posing as cryptocurrency trading platforms, since at least 2018. In most incidents, the malware appears to be from a legitimate cryptocurrency trading company.
The Lazarus Group has targeted organizations for cryptocurrency theft in over 30 countries during the past year alone, the Federal agencies said.
The joint advisory says it is “likely” these cybercriminals view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea. The group is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of modified cryptocurrency trading apps that enable the group to steal cryptocurrency.
“This advisory marks another step by the U.S. Government to counter the ongoing and criminal North Korean global cryptocurrency theft scheme targeting finance, energy, and other sectors,” said Matt Hartman, CISA’s acting executive assistant director of cybersecurity. “The FBI, Treasury, and CISA continue to assess the evolving cyber threat posed by North Korea, cybercriminals, and other nation-state actors and are committed to providing organizations timely information and mitigations to combat these threats.”