Cryptocurrency industry faces ‘difficult to detect’ North Korean social engineering scams, FBI says


The FBI is adding “highly tailored, difficult-to-detect social engineering campaigns” to the list of scams and hacks that North Korea aims at decentralized finance (DeFi) operations and similar businesses.

In an alert issued Tuesday, the bureau says that despite the “sophisticated technical acumen” of such companies, they can fall victim to the social engineering schemes, which involve “complex and elaborate” operations to gather information about employees and build rapport with them.

Ultimately, the goal is to “deploy malware and steal company cryptocurrency,” the FBI says.

“Teams of North Korean malicious cyber actors identify specific DeFi or cryptocurrency-related businesses to target and attempt to socially engineer dozens of these companies’ employees to gain unauthorized access to the company’s network,” the alert says. “Before initiating contact, the actors scout prospective victims by reviewing social media activity, particularly on professional networking or employment-related platforms.”

The FBI offers a laundry list of indicators that something might be up, including requests to use non-standard software for basic tasks when the company already uses a similar product.

Of particular interest are companies that handle cryptocurrency exchange-traded funds (ETFs) and similar financial products, the bureau says.

Western authorities have blamed the North Korean regime for a steady stream of related scams, including attempts to gain employment for fake IT workers, drain funds from play-to-earn games, hack commonly used apps and hide malicious code in repositories used by software developers. Other accusations point to ransomware and money laundering.

“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” the FBI said.


Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years of experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.
