Cyber actors in North Korea are using sophisticated social engineering campaigns against cryptocurrency operations, according to the FBI.
In a Public Service Announcement (PSA) published today, the Bureau warns that hacking groups from the Democratic People's Republic of Korea are targeting employees in cryptocurrency, decentralized finance and related businesses, with a view to stealing cryptocurrency.
The attacks, the FBI advises, are tailored and hard to detect.
Malicious cyber actors carry out extensive reconnaissance and research to identify their target victims. This includes probing their social media activities, especially on professional networking sites.
They then build sophisticated fictional scenarios to lure in individuals, with details the victims believe are only known to their genuine contacts. The scenarios, the FBI said, often include offers of employment or investment.
The attackers then build up a rapport with the victim over time. They sometimes go further, impersonating the victim’s contacts using both pictures stolen from open social media sites and fake images of time-sensitive events.
The attackers then ask the victim to run non-standard software or scripts, or ask to move the conversation to another messaging platform, to complete the attack.
Organizations Urged to Reduce Risks
The PSA advises organizations to improve how they secure crypto wallets, to have methods to verify contacts’ identities, and to “funnel business communications to closed platforms and require authentication.”
“One of the key facts that the FBI details is that the North Korean threat actors are willing to engage in prolonged communication with victims and willing to take the time to fully establish themselves as a trusted individual before providing a scenario in which executing software locally makes sense,” cautioned Max Gannon, cyber intelligence team manager at security company Cofense.
He advises conducting job interviews or pre-employment tests away from work devices.
“These advanced campaigns are purportedly capable of fooling even technically knowledgeable cybersecurity professionals, however, maintaining a high level of suspicion in online interactions, even of those that seem to be legitimate, can help drastically reduce the risk of compromise,” he said.
Research earlier this year found that twice as much was stolen from crypto exchanges in the first half of 2024, compared with the same period in 2023. TRM Labs found that criminal hackers stole $1.38bn.