The Federal Bureau of Investigation (FBI) on Tuesday warned that malicious cyber actors from North Korea are carrying out specialized, difficult-to-detect social engineering campaigns against cryptocurrency companies and their employees to deploy malware and steal company cryptocurrency.
“North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets,” wrote the FBI in a public service announcement.
According to the FBI, over the last several months, the Democratic People’s Republic of Korea (DPRK) has been conducting research targeting individuals connected to cryptocurrency exchange-traded funds (ETFs), particularly those involved in decentralized finance (DeFi) apps.
This involves extensive pre-operational research and customized fictional scenarios uniquely designed to exploit the targeted person’s specific interests and connections.
This research suggests that the actors may attempt malicious cyberattacks against companies associated with cryptocurrency ETFs or other crypto-related financial products in the future.
The FBI also warned organizations with access to large quantities of cryptocurrency-related assets or products to be aware of North Korean threat actors, as they are also at risk of being targeted.
Their methods include impersonating prominent people associated with certain technologies, creating fake scenarios involving new employment or corporate investment tailored to the victim’s background and interests, and deploying malware through prolonged conversations with prospective victims.
“North Korean fake scenarios often include offers of new employment or corporate investment. The actors may reference personal information, interests, affiliations, events, personal relationships, professional connections, or details a victim may believe are known to few others,” the FBI warns.
“The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting. If successful in establishing bidirectional contact, the initial actor, or another member of the actor’s team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust.”
To increase the credibility of their schemes, these threat actors impersonate known contacts, recruiting firms, or technology companies backed by professional websites. They also use realistic imagery, including pictures stolen from open social media profiles, as well as fake images of time-sensitive events, to prompt immediate action from intended victims.
“The actors may also impersonate recruiting firms or technology companies backed by professional websites designed to make the fake entities appear legitimate. Examples of fake North Korean websites can be found in affidavits to seize 17 North Korean domains, as announced by the Department of Justice in October 2023,” the FBI added.
According to the FBI, these threat actors usually communicate with victims in fluent or nearly fluent English and deeply understand the technical aspects of the cryptocurrency field.
The FBI has also provided a list of potential indicators of North Korean social engineering activity and mitigation methods that the cryptocurrency industry and its employees should follow to protect their assets against these sophisticated cyber threats.