Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
August 24, 2023
Severity High Analysis Summary Patchwork is an Advanced Persistent Threat (APT) group that has been active since at least 2014. Patchwork primarily targets government, defense, and […]August 24, 2023
Severity High Analysis Summary The Mirai botnet is a type of malware that infects Internet of Things (IoT) devices, such as routers, security cameras, and other […]August 24, 2023
Severity High Analysis Summary Amadey is a botnet, a type of malicious software that infects computers and turns them into “bots” or “zombies” that can be […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
August 24, 2023
Severity High Analysis Summary Patchwork is an Advanced Persistent Threat (APT) group that has been active since at least 2014. Patchwork primarily targets government, defense, and […]August 24, 2023
Severity High Analysis Summary The Mirai botnet is a type of malware that infects Internet of Things (IoT) devices, such as routers, security cameras, and other […]August 24, 2023
Severity High Analysis Summary Amadey is a botnet, a type of malicious software that infects computers and turns them into “bots” or “zombies” that can be […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
August 24, 2023
Rewterz Threat Alert – Amadey Botnet – Active IOCs
August 24, 2023
Severity
High
Analysis Summary
The Federal Bureau of Investigation (FBI) has disclosed information regarding the activities of six cryptocurrency wallets linked to North Korea-affiliated threat actors. These wallets collectively contain around 1,580 Bitcoins, valued at approximately $41 million, believed to be connected to recent thefts of hundreds of millions of dollars in cryptocurrency.
They issued an alert, warning cryptocurrency companies about blockchain activities associated with the thefts, tracing the stolen cryptocurrency to individuals associated with the Democratic People’s Republic of Korea (DPRK), specifically the TraderTraitor group, also known as Lazarus Group or APT38. The FBI suspects that the DPRK might attempt to convert the stolen Bitcoin, which exceeds $40 million, into cash.
The investigation revealed that these TraderTraitor-linked actors moved the stolen Bitcoin from several cryptocurrency heists to six specific wallets, identified by their addresses:
- 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
- 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
- 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
- 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
- 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
- 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL
The DPRK-affiliated hackers targeted various platforms, including Atomic Wallet, Alphapo, and CoinsPaid, amassing significant sums—$100 million from Atomic Wallet, $60 million from Alphapo, and $37 million from CoinsPaid.
This isn’t the first instance of North Korean APT groups targeting cryptocurrencies. Previous operations include attacks on Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge.
Based on data aggregated by a blockchain intelligence company, hackers affiliated with North Korea are believed to have pilfered more than $2 billion in cryptocurrencies starting from 2018 through a sequence of around 30 cyberattacks. Notably, the year 2023 alone witnessed a theft of approximately $200 million.
The FBI advises private entities to carefully analyze blockchain data related to the identified wallet addresses and be cautious when engaging in transactions involving these addresses.
“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the notice concludes.
The latest notice emphasizes ongoing cooperation between law enforcement and the cryptocurrency industry, highlighting the challenges the digital asset world faces in security. This situation underscores the severity of threats the cryptocurrency industry confronts. Nevertheless, it also underscores the potential for innovation and collaboration in tackling these challenges. The combined efforts of law enforcement, exchanges, and other industry stakeholders are shaping a future that effectively balances opportunities with security, despite complex hacking threats and regulatory hurdles.
Impact
- Financial Loss
- Crypto Theft
Recommendations
- Cryptocurrency companies should bolster their overall security posture by implementing advanced security measures, including multi-factor authentication (MFA), strong access controls, and encryption.
- Develop and regularly update an incident response plan that outlines the steps to take in case of a security breach. Test the plan through simulations to ensure its effectiveness.
- Conduct regular security audits and vulnerability assessments to identify and remediate potential weaknesses within cryptocurrency platforms and wallets.
- Educate users about security best practices, including how to recognize phishing attempts, safeguard private keys, and enable strong authentication methods.
- Perform red team exercises to simulate attacks and identify vulnerabilities.
- Deploy advanced threat detection tools that monitor for anomalous activities and unauthorized access attempts on cryptocurrency platforms.
- Work closely with law enforcement agencies to provide necessary information, cooperate during investigations, and aid in tracking down threat actors.
- Maintain transparent communication with users and stakeholders about security incidents, the measures taken to mitigate risks, and any recommended actions.
- Implement continuous monitoring of networks and systems to quickly detect and respond to any suspicious activities or unauthorized access.
- Be aware of geopolitical tensions and political developments that might impact the threat landscape. Such awareness can inform security strategies.