North Korea is escalating its cyberattacks on the crypto industry, employing sophisticated social engineering tactics to deceive employees and gain access to valuable digital assets, the Federal Bureau of Investigation (FBI) has warned.

These state-sponsored hackers are meticulously researching their targets, often using personal information gleaned from social media to craft highly convincing fake scenarios.

This personal information can include details about events the target has attended, their personal relationships, and their affiliations.

These scenarios may involve lucrative job offers, investment opportunities, or even requests for assistance from seemingly familiar contacts.

The hackers are fluent in English and well-versed in cryptocurrency, making their approaches even more deceptive.

They often initiate contact through professional networking sites or via direct messages on social media platforms, leveraging common interests and connections to establish a sense of trust.

Once they’ve established contact, they build rapport with their victims, often engaging in prolonged conversations to gain trust before deploying malware or other malicious tools.

These tools can be disguised as harmless files or links, or even embedded in seemingly legitimate job applications or investment proposals.

The FBI has observed that these hackers have targeted employees at various levels within cryptocurrency companies, including developers, engineers, and even executives.

They have also been known to impersonate recruiters, investors, and other industry professionals to gain credibility.

The ultimate goal of these attacks is to steal crypto funds, which can then be used to finance North Korea’s illicit activities.

The FBI urges companies and individuals in the crypto sector to be vigilant and follow best practices to protect themselves from these attacks.

This includes verifying the identity of contacts through multiple channels, avoiding executing code or downloading files from unknown sources, using strong passwords and two-factor authentication, keeping software and systems up to date, and reporting any suspicious activity to law enforcement.

The FBI also emphasizes the importance of employee training and awareness programmes to help identify and prevent social engineering attacks.

 

Featured image credit: Edited from Freepik