FBI Reveals: North Korea Actively Targeting Cryptocurrency Industry, Using Social Engineering to Target Employees of Crypto Companies

According to an official statement by the Federal Bureau of Investigation (FBI) on September 3, North Korea has recently been conducting tailored, difficult-to-detect social engineering attacks against employees of decentralized finance (DeFi), cryptocurrency, and related businesses, attempting to deploy malware and steal the companies' cryptocurrency assets.

FBI: North Korea Targeting Cryptocurrency ETF-Related Companies with Social Engineering

The FBI has revealed that in the past few months, North Korean hackers have been targeting several companies related to cryptocurrency ETFs, and may launch malicious attacks on companies dealing with cryptocurrency ETFs or other cryptocurrency-related financial products in the future.

North Korean hackers identify specific DeFi or cryptocurrency-related companies and, before engaging with a target, research the victims in depth by reviewing their social media activity, especially on professional networking or job platforms.

By utilizing victims' backgrounds, skills, and professional interests, they carefully design fictional scenarios, such as job opportunities or investment proposals, to attract victims. The personal information they exploit is often something the victim believes only a few people know about.

Building Trust Continuously While Impersonating Identities

Hackers establish long-term contact with victims to build trust and send malware without raising suspicion. Once contact is established, hackers invest significant time in interactions to increase credibility and familiarity. They may impersonate friends or acquaintances of the victim, even using stolen real photos from social media to enhance credibility, or use photos from fake events to prompt victims to take action.

Social Engineering Attacks Use These Tactics

  • Requesting execution of code or downloading applications on company devices or devices connected to internal networks.

  • Requesting "job tests" or exercises that may involve executing non-standard or unknown code, such as Node.js packages, PyPI packages, or GitHub source code.

  • Unexpectedly offering high-paying job opportunities from well-known cryptocurrency or tech companies without negotiation.

  • Unexpected investment proposals from well-known companies.

  • Insisting on using non-standard or custom software for simple tasks (video conferences, connecting to servers).

  • Requesting execution of scripts that bypass regional restrictions in order to enable calls or video conferences.

  • Requesting to move conversations to other communication platforms.

  • Unsolicited contacts containing unexpected links or attachments.

FBI Offers Countermeasures Against Social Engineering Attacks

  • If a device is compromised, keep it powered on and immediately disconnect it from the network, so that recoverable malware files are not lost.

  • Submit detailed complaints through the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov.

  • Provide law enforcement with detailed information about the incident, including screenshots of conversations with the attackers and relevant data.

  • Discuss evidence collection and response measures with law enforcement, and consider assistance from cybersecurity companies if necessary.

  • Share experiences with colleagues and friends in a timely manner to raise awareness and spread information about North Korean cyber attacks.

North Korea's attacks on the cryptocurrency industry have entered a sophisticated and hard-to-detect stage. Any company or individual could become a target, no matter how extensive their knowledge of cybersecurity. Be cautious about what you share on social media, and make good use of privacy settings. If something seems suspicious during an interaction, stay calm and think twice before taking action.