BREAKING NEWS: The FBI has issued an alert warning that North Korea is “Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks”.
Although it is not unprecedented for the FBI to put out warnings against the occasional North Korean hacking campaigns and cybercrime, this warning in particular is far more detailed than past FBI PSA’s of it’s kind.
Given the United States is a mere 60 days away from arguably the most pivotal election in our lifetime, the timing of this warning related to a very adversarial North Korea is sure to add another layer of intensity to the ongoing march towards the November election.
But there’s not just the election — there is also the issue of North Korea’s nuclear weapons program, which according to previous reporting by CNN, is directly funded by the North Korean regime’s state-sponsored theft of crypto currencies:
According to an article appearing on MSN:
In a Sept. 3 notice, the FBI said North Korean malicious cyber actors were targeting workers at decentralized finance and cryptocurrency companies to steal funds through “complex and elaborate” social engineering campaigns. Specifically, the federal agency warned that the scammers had researched firms associated with cryptocurrency-tied exchange-traded funds, or ETFs.
The actors employed schemes, including fake offers of employment or investment opportunities and impersonating well-known individuals associated “with certain technologies” to trick users. The scammers may then provide a link to a “pre-employment test” or another download to install malware.
The FBI notice includes a very detailed description of the techniques that North Korean agents are reportedly using to infiltrate and gain access to crypto assets in the US. The alert specifically details the research, customized “fake scenarios”, and emphasis on impersonations being used:
Extensive Pre-Operational Research
Teams of North Korean malicious cyber actors identify specific DeFi or cryptocurrency-related businesses to target and attempt to socially engineer dozens of these companies’ employees to gain unauthorized access to the company’s network. Before initiating contact, the actors scout prospective victims by reviewing social media activity, particularly on professional networking or employment-related platforms.Individualized Fake Scenarios
North Korean malicious cyber actors incorporate personal details regarding an intended victim’s background, skills, employment, or business interests to craft customized fictional scenarios designed to be uniquely appealing to the targeted person.North Korean fake scenarios often include offers of new employment or corporate investment. The actors may reference personal information, interests, affiliations, events, personal relationships, professional connections, or details a victim may believe are known to few others.
Impersonations
North Korean malicious cyber actors routinely impersonate a range of individuals, including contacts a victim may know personally or indirectly. Impersonations can involve general recruiters on professional networking websites, or prominent people associated with certain technologies.To increase the credibility of their impersonations, the actors leverage realistic imagery, including pictures stolen from open social media profiles of the impersonated individual. These actors may also use fake images of time sensitive events to induce immediate action from intended victims.
According to an article on Cryptonews.com , the FBI has warned that these current North Korean schemes are a “new wave” of state-sponsored attacks — not just the average hacking group acting on it’s own accord.
The Democratic People’s Republic of Korea (DPRK) has been aggressively deploying elaborate and highly tailored cyberattacks aimed at infiltrating companies and stealing cryptocurrency assets.
Despite advanced cybersecurity measures, the scale and persistence of these attacks have proven challenging even for those well-versed in cybersecurity.
The FBI warning to companies in the cryptocurrency sector is said to be part of a new wave of cyberattacks orchestrated by North Korean state-sponsored hackers.
Since issuing the alert, there has been no additional information from the FBI.
Check back for more information as it becomes available.
Join the conversation!
Please share your thoughts about this article below. We value your opinions, and would love to see you add to the discussion!