The FBI has issued a stark warning to cryptocurrency companies, highlighting an increase in sophisticated cyberattacks orchestrated by North Korean hackers.
These attacks, primarily targeting employees within the decentralized finance (DeFi) and cryptocurrency sectors, are part of a broader strategy to steal digital assets and disrupt financial operations.
North Korean cyber actors have developed intricate social engineering schemes that are difficult to detect, even for those well-versed in cybersecurity.
These schemes often involve extensive pre-operational research, where hackers meticulously gather information about their targets.
By reviewing social media activity and professional networking profiles, they target specific employees within DeFi or cryptocurrency-related businesses.
Once a target is identified, hackers craft personalized fake scenarios to engage their victims. These scenarios may include offers of new employment or corporate investment, often referencing personal details to make the approach seem legitimate. The goal is to build rapport and trust, eventually leading to malware delivery.
A key tactic employed by these hackers is impersonation. North Korean cyber actors frequently pose as known contacts or reputable recruiters on professional networking sites.
They use realistic imagery, such as stolen photos from social media profiles, to enhance their credibility. In some cases, they create entire fake entities, complete with professional-looking websites, to further deceive their targets.
The hackers communicate in fluent or nearly fluent English and demonstrate a strong understanding of the technical aspects of the cryptocurrency field.
This fluency and technical knowledge make their impersonations even more convincing, increasing the likelihood of successful attacks.
The FBI has identified several indicators that may suggest North Korean social engineering activity. These include:
To mitigate the risk of falling victim to these advanced social engineering tactics, the FBI recommends several best practices:
In the event of a suspected attack, the FBI advises immediate action. This includes disconnecting impacted devices from the Internet and filing a detailed complaint through the FBI Internet Crime Complaint Center (IC3).
Companies are encouraged to collaborate with law enforcement and consider private incident response options.