Cryptocurrency industry faces ‘difficult to detect’ North Korean social engineering scams, FBI says

The FBI is adding “highly tailored, difficult-to-detect social engineering campaigns” to the list of scams and hacks that North Korea aims at decentralized finance (DeFi) operations and similar businesses.

In an alert issued Tuesday, the bureau says that despite the “sophisticated technical acumen” of such companies, they can fall victim to the social engineering schemes, which involve “complex and elaborate” operations to gather information about employees and build rapport with them.

Ultimately, the goal is to “deploy malware and steal company cryptocurrency,” the FBI says.

“Teams of North Korean malicious cyber actors identify specific DeFi or cryptocurrency-related businesses to target and attempt to socially engineer dozens of these companies’ employees to gain unauthorized access to the company’s network,” the alert says. “Before initiating contact, the actors scout prospective victims by reviewing social media activity, particularly on professional networking or employment-related platforms.”

The FBI offers a laundry list of indicators that something might be up, including requests to use non-standard software for basic tasks when the company already uses a similar product.

Of particular interest are companies that handle cryptocurrency exchange-traded funds (ETFs) and similar financial products, the bureau says.

Western authorities have blamed the North Korean regime for a steady stream of related scams, including attempts to gain employment for fake IT workers, drain funds from play-to-earn games, hack commonly used apps and hide malicious code in repositories used by software developers. Other accusations point to ransomware and money laundering.

“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” the FBI said.


Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years of experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 
