FBI, Treasury release report on North Korean digital currency malware

Three federal agencies in the United States have published a report detailing one of the tools the North Korean government has allegedly been using to steal digital currencies globally. Known as AppleJeus, it poses as legitimate digital currency trading software, the report claimed. The agencies believe AppleJeus has infected victims in over 30 countries around the world.

The February 17 report was compiled by the FBI, the Treasury Department and the Cybersecurity and Infrastructure Security Agency. It claims that North Korean hackers have been using AppleJeus malware since at least 2018. These hackers are part of the so-called “Hidden Cobra,” a term the U.S. government uses to refer to malicious cyber activity by the North Korean government.

Hidden Cobra has targeted a diverse array of sectors, the report outlines. They include energy, government, finance, telecommunications, industrial and technology. Their victims span all continents except Africa. Some of the countries they have targeted include the U.S., New Zealand, Estonia, Russia, Luxembourg, Ireland, Malta, Israel, Brazil, China, Canada, Japan and Australia.

AppleJeus has targeted its victims in various versions, the report details. They include Celas Trade Pro, a BTC trading application which dates back to August 2018. Other versions include JMT Trading from October 2019, Onion Crypto from December 2019, Kupay Wallet from March 2020, CoinGoTrade from ‘early 2020’ and Dorusio from March 2020.

Its most recent version was Ants2Whale, a digital currency platform. As per the report, the Ants2Whale website was full of spelling and grammar mistakes, indicating the hackers didn’t have English as their first language.

The report urged any organization that has been a victim of AppleJeus malware to contact the FBI or CISA. They should also generate new keys for their digital currency wallets, or move to an entirely new one. They must start using hardware wallets, introduce two-factor authentication and change all their passwords.

Paul Neff, the director of cyber policy at the Treasury, remarked, “This advisory will provide the financial sector and the cybersecurity community with a detailed picture of North Korean threat capability that will assist cyber defenders in multiple sectors in identifying and mitigating this active threat, further demonstrating the value of interagency partnerships in combating cybercrime and malicious nation-state actor activity.”

The report comes after the DoJ charged three North Koreans with being behind some of the biggest hacks to date. The DoJ alleged that they have stolen over $1.3 billion in cash and digital currencies over the years. Some of their famous targets include Sony Entertainment, banks in Asian countries and digital currency startups. The Justice Department also linked the three to AppleJeus and all its offshoots.

