The United States Federal Bureau of Investigation (FBI) has issued a paper alerting the public of “aggressive” attacks from North Korean hackers against the crypto industry and companies associated with digital asset investment products.
According to the report, these attacks consist primarily of sophisticated social engineering tactics that even crypto employees and market participants well-versed in cybersecurity practices could fall victim to.
N. Korean Hackers Target Crypto Firms
These social engineering attacks are often complex, elaborate, and difficult to detect. The hackers have conducted research on multiple targets active in or connected to the crypto industry. The FBI observed pre-operational preparations suggesting these bad actors may attempt malicious cyber activities against these companies through their employees.
“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” the U.S. agency stated.
Before these groups of North Korean hackers attempt to gain unauthorized access to company networks and devices through employees, they look for their prospective victims on social media, particularly professional networking and employment-related platforms.
The hackers incorporate the target’s personal details regarding their background, employment, or business interests to create customized fictional scenarios, such as new employment or corporate investment offers. They ensure these scenarios are uniquely appealing to the targeted persons.
Impersonators and “Normal” Requests
Once the bad actors initiate contact with the targets, they strive to maintain rapport to build familiarity, trust, and a sense of legitimacy. Then, they attack when the victims are unsuspecting or in situations that seem natural by delivering malware to their devices or company networks.
Some seemingly natural situations include requests to enable video call functionalities supposedly blocked due to a victim’s location, requests to download applications or execute codes on company devices or networks, requests to conduct pre-employment tests and debugging exercises, and insistence on using custom software for simple tasks.
These attackers also impersonate high-profile individuals, technology experts, and recruiters on professional networking websites.
“To increase the credibility of their impersonations, the actors leverage realistic imagery, including pictures stolen from open social media profiles of the impersonated individual. These actors may also use fake images of time-sensitive events to induce immediate action from intended victims,” the agency added.
The FBI has instructed crypto firms to remain alert and affected entities to take proper action to fix the issues before they cause significant harm.