CISA, FBI and Treasury issue North Korean malware warning

Federal authorities issued a cybersecurity warning about possible malicious activity by the North Korean government related to the “AppleJeus” malware.

The advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Treasury (Treasury)

The joint advisory provides technical details on the AppleJeus malware in all its forms. It has been used by North Korea posing as cryptocurrency trading platforms since at least 2018. The malicious application, which attacks both Windows and Mac operating systems, appears to be from a legitimate cryptocurrency trading company, tricking people into downloading it as a third-party application.

“This advisory marks another step by the U.S. Government to counter the ongoing and criminal North Korean global cryptocurrency theft scheme targeting finance, energy, and other sectors. The FBI, Treasury, and CISA continue to assess the evolving cyber threat posed by North Korea, cybercriminals, and other nation-state actors and are committed to providing organizations timely information and mitigations to combat these threats,” Matt Hartman, acting executive assistant director of cybersecurity at CISA, said.

Of the seven versions of the AppleJeus malware that have been detected thus far, four were identified in 2020.

“This advisory will provide the financial sector and the cybersecurity community with a detailed picture of North Korean threat capability that will assist cyber defenders in multiple sectors in identifying and mitigating this active threat, further demonstrating the value of interagency partnerships in combating cybercrime and malicious nation-state actor activity,” Paul Neff, director of cyber policy, preparedness and response in the Office of Cybersecurity and Critical Infrastructure Protection at the U.S. Treasury, said.

Organizations, specifically those in the financial services sector, should assess their networks and implementing appropriate mitigation.

“Today’s announcement highlights the strong partnership between the FBI, CISA, and Treasury to defend against cyber threats to our nation’s security. The FBI is committed to using our authorities, capabilities, and partnerships to raise the costs on those like North Korea who mistakenly believe they can hold our networks at risk without incurring risk themselves,” Tonya Ugoretz, acting assistant director of cyber division at the FBI, said.