Cryptocurrency news

This is How N. Korea is ‘Aggressively’ Attacking the Crypto Industry, According to the FBI

CryptoPotato / 08.09.2024 / 21:36
This is How N. Korea is ‘Aggressively’ Attacking the Crypto Industry, According to the FBI

The United States Federal Bureau of Investigation (FBI) has issued a paper alerting the public of “aggressive” attacks from North Korean hackers against the crypto industry and companies associated with digital asset investment products.

According to the report, these attacks consist primarily of sophisticated social engineering tactics that even crypto employees and market participants well-versed in cybersecurity practices could fall victim to.

N. Korean Hackers Target Crypto Firms

These social engineering attacks are often complex, elaborate, and difficult to detect. The hackers have conducted research on multiple targets active in or connected to the crypto industry. The FBI observed pre-operational preparations suggesting these bad actors may attempt malicious cyber activities against these companies through their employees.

“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” the U.S. agency stated.

Before these groups of North Korean hackers attempt to gain unauthorized access to company networks and devices through employees, they look for their prospective victims on social media, particularly professional networking and employment-related platforms.

The hackers incorporate the target’s personal details regarding their background, employment, or business interests to create customized fictional scenarios, such as new employment or corporate investment offers. They ensure these scenarios are uniquely appealing to the targeted persons.

Impersonators and “Normal” Requests

Once the bad actors initiate contact with the targets, they strive to maintain rapport to build familiarity, trust, and a sense of legitimacy. Then, they attack when the victims are unsuspecting or in situations that seem natural by delivering malware to their devices or company networks.

Some seemingly natural situations include requests to enable video call functionalities supposedly blocked due to a victim’s location, requests to download applications or execute codes on company devices or networks, requests to conduct pre-employment tests and debugging exercises, and insistence on using custom software for simple tasks.

These attackers also impersonate high-profile individuals, technology experts, and recruiters on professional networking websites.

“To increase the credibility of their impersonations, the actors leverage realistic imagery, including pictures stolen from open social media profiles of the impersonated individual. These actors may also use fake images of time-sensitive events to induce immediate action from intended victims,” the agency added.

The FBI has instructed crypto firms to remain alert and affected entities to take proper action to fix the issues before they cause significant harm.

Source
Recently News

© Token Radar 2024. All Rights Reserved.
IMPORTANT DISCLAIMER: All content provided herein our website, hyperlinked sites, associated applications, forums, blogs, social media accounts and other platforms (“Site”) is for your general information only, procured from third party sources. We make no warranties of any kind in relation to our content, including but not limited to accuracy and updatedness. No part of the content that we provide constitutes financial advice, legal advice or any other form of advice meant for your specific reliance for any purpose. Any use or reliance on our content is solely at your own risk and discretion. You should conduct your own research, review, analyse and verify our content before relying on them. Trading is a highly risky activity that can lead to major losses, please therefore consult your financial advisor before making any decision. No content on our Site is meant to be a solicitation or offer.