2024-09-12

FBI Warns of North Korean Cyberattacks on Cryptocurrency Firms

Level: Strategic | Source: IC3
Financial


The latest FBI advisory highlights a concerning increase in social engineering attacks by North Korean actors aimed at the cryptocurrency sector. These actors are conducting elaborate schemes targeting employees of decentralized finance (DeFi) and cryptocurrency firms to implant malware and steal cryptocurrency, as observed by the FBI "over the last several months." The threat actors prepare thoroughly before launching their campaigns, including extensive research on potential targets through their social media accounts, particularly those linked to cryptocurrency exchange-traded funds (ETFs) and other financial products.

The actors attempt to engage victims through deceptive lures, using personal information to fabricate compelling scenarios that may include job offers or investment opportunities. These scenarios are crafted to appeal specifically to individuals within the crypto industry, leveraging the victims' backgrounds and professional interests to establish credibility. "If successful in establishing bidirectional contact, the initial actor, or another member of the actor’s team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust," warns the FBI. Of further concern, the actors communicate in fluent English and possess substantial technical knowledge of the cryptocurrency field, which enhances their ability to manipulate targets.

Further complicating the landscape, the FBI's report indicates that these cybercriminals often impersonate known contacts of the victim or significant figures in technology and recruitment. By stealing images and creating professional websites, they present a facade of legitimacy that can be challenging to question. The agency has issued specific indicators of such social engineering tactics and recommended best practices for organizations to mitigate these threats. These include verifying identities through multiple, unconnected channels and enhancing authentication measures across corporate networks. This public service announcement follows a series of advisories related to the cryptocurrency industry, with prior advisories warning of the use of fake remote job ads to lure victims and the leveraging of unlicensed crypto transfer services.
