North Korean government-sponsored cyber syndicates reaped nearly $400 million in digital assets from seven major attacks on cryptocurrency platforms in 2021, a recent report said. The value gained from the attacks spiked by 40 percent from the prior year.Advanced persistent threat (APT) cyber actors operating for the Democratic People’s Republic of Korea (DPRK) have hit investment firms and centralized exchanges, said researcher Chainalysis in a blog post. Many of the cyber offensives were carried out by the notorious Lazarus group (aka APT38), which is also using its multi-platform (Windows, Linux and MacOS) targeted malware framework (MATA) to conduct cyber espionage in the defense industry.Since 2018, Lazarus is believed to have stolen and laundered more than $200 million annually in virtual currencies, according to Chainalysis. Of late, the syndicate has reportedly developed the ability to attack supply chains. Such is the threat of supply chain attacks that the Cybersecurity and Infrastructure Agency (CISA) last month released a new framework for government and private sector organizations on how to engage with managed security service providers (MSSPs) and managed service providers (MSPs) to minimize supply risk and improve overall security.The $81 million heist from the Bangladesh Central Bank in 2016. The infamous attack on Sony Pictures in 2014 that cost the studio millions. The destructive WannaCry ransomware assault in 2017. Dozens of large cyber robberies on automated teller machines in 2018 from which it lifted millions of dollars in a two-year wave of cyber burglaries. Even though the DPRK is a “cemented” threat to the cryptocurrency industry, tools such as blockchain analysis tools, compliance teams, criminal investigators, and hack victims “can follow the movement of stolen funds, jump on opportunities to freeze or seize assets, and hold bad actors accountable for their crimes,” Chainalysis said.Provide your SOC team with access to the latest threat intelligence. Upskill your cybersecurity team to tackle the latest targeted threats. Implement EDR solutions for endpoint level detection, investigation, and timely remediation of incidents. Implement a corporate-grade security solution that detects advanced threats on the network level at an early stage. Introduce security awareness training and teach practical skills to your team. Many targeted attacks start with phishing or other social engineering techniques that can take advantage of untrained employees.