FBI: ‘North Korean hackers are after your cryptocurrency’
Hackers from the Democratic People’s Republic of Korea are deploying hard-to-detect social engineering campaigns against employees of decentralized finance (DeFi), cryptocurrency and similar businesses. Their goal is to deploy malware and steal cryptocurrency from gullible victims.
The FBI’s Internet Crime Complaint Center (IC3) calls these social engineering schemes “complex and elaborate”. They’re designed in such a way that even experienced and well-informed cryptocurrency traders could fall for them.
“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” the FBI states in a public service announcement.
The scam starts with a thorough investigation. Teams of North Korean hackers identify specific DeFi or cryptocurrency-related businesses and pick out a random employee to target. Next, the attackers dive into the target’s personal life and gather as much private information from social media and job sites as they can, including details about the target’s job skills, business interests and hobbies.
Once they know all about their victim’s personal life, the hackers create an individualized fake scenario, like a job offer or corporate investment. In order to build trust, the threat actors reference personal information, interests, affiliations, events, personal relationships, professional connections, or details a victim may believe are known to few others.
Once there’s a mutual bond of trust, the hackers try to trick the victim into clicking on a malicious link and downloading and installing malware. That’s how the threat actors gain and keep access to the company’s corporate network and try to steal cryptocurrency.
Another trick that North Korean hackers love to perform is impersonation. They pretend to be someone the victim might directly or indirectly know, like a recruiter, headhunter or executive from a well-known tech company.
There are also instances of fabricated companies and fake websites to make the scam look legitimate. The Department of Justice seized 17 North Korean domains in October 2023 that tried to impersonate real businesses.
IC3 has compiled a list of indicators that suggest you may be dealing with North Korean social engineering activity, including unsolicited contacts, requests to download an attachment or application, and unexpected job offers from prominent cryptocurrency or technology firms.
Lastly, the FBI has laid down numerous mitigation measures to minimize the risk you’ll become the victim of North Korean hackers and scammers. The first tip is to verify the identity of a contact through multiple channels. Also, don’t store information about cryptocurrency wallets on devices that are connected to the internet.
When asked to take a pre-employment test, use a virtual machine that’s not connected to your company’s network. Require multiple factors of authentication and approvals from several different unconnected networks before any financial transaction takes place, and regularly check your network for vulnerabilities.
Last but not least, limit access to sensitive network documentation, business or product development pipelines, and company code repositories.
If you suspect your company has become a victim of a North Korean social engineering campaign, contact the FBI’s Internet Crime Complaint Center (IC3) and share details with colleagues and competitors.