
FBI: North Korea Aggressively Hacking Cryptocurrency Firms

The FBI warns of North Korean threat actors conducting social engineering campaigns targeting employees in the cryptocurrency industry.

North Korean hackers are aggressively targeting the cryptocurrency industry, using sophisticated social engineering to achieve their goals, the Federal Bureau of Investigation warns.

The purpose of the attacks, the FBI advisory shows, is to deploy malware and steal virtual assets from decentralized finance (DeFi), cryptocurrency, and similar entities.

“North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable,” the FBI says.

According to the agency, North Korean threat actors are conducting extensive research on prospective victims associated with DeFi or cryptocurrency-related businesses, and then target them with individualized fake scenarios, typically involving new employment or corporate investments.

The attackers also engage in prolonged conversations with the intended victims, to establish trust before delivering malware “in situations that may appear natural and non-alerting”.

Furthermore, the threat actors often impersonate various individuals, including contacts that the victim may know, using realistic imagery, such as photos stolen from social media accounts, and fake images of time-sensitive events.

According to the FBI, North Korean threat actors have been observed conducting research on targets connected to cryptocurrency exchange-traded funds (ETFs), which suggests they could start targeting these entities.

Individuals associated with the crypto industry should be aware of requests to run code or applications on company-owned devices, requests to conduct tests or exercises involving non-standard code packages, offers of employment or investment, requests to move conversations to other messaging platforms, and unsolicited contacts containing links or attachments.

Organizations are advised to develop means of verifying a contact’s identity, refrain from sharing information about cryptocurrency wallets, avoid taking pre-employment tests or running code on company-owned devices, implement multi-factor authentication, use closed platforms for business communication, and limit access to sensitive network documentation and code repositories.

Social engineering, however, is only one of the techniques that North Korean hackers employ in attacks targeting cryptocurrency organizations, Mandiant notes in a new report.

The attackers were also seen relying on supply chain attacks to deploy malware and then pivot to other resources. They may also target smart contracts (either via reentrancy attacks or flash loan attacks) and decentralized autonomous organizations (via governance attacks), the Google-owned security firm explains. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
