CyberSecurity SEE

North Korean actors preparing aggressive cyberattack wave

The FBI is warning that North Korean threat actors are gearing up to launch imminent attacks aimed at stealing funds from organizations with substantial cryptocurrency-related assets or products. These attacks are expected to employ highly deceptive social engineering tactics, including personalized targeting that will be difficult to distinguish from legitimate interactions.

In recent months, federal officials have observed state-sponsored actors from North Korea gathering intelligence on targets associated with cryptocurrency exchange-traded funds (ETFs). The reconnaissance activities appear to be preparatory in nature, according to a public service announcement released by the agency.

The impending attacks are anticipated to involve cryptocurrency theft and the distribution of malware. The attacks are likely to be stealthy, potentially disguised as innocuous conversations with individuals who are fluent in English and present plausible business or job-related reasons for contact. The attackers are also expected to invest time in developing personal relationships before engaging in any malicious actions, as stated by the agency.

North Korean advanced persistent threats (APTs) like Lazarus and Kimsuky have a track record of using social engineering techniques to carry out crypto theft schemes that financially support North Korea’s nuclear program and other initiatives under the leadership of Kim Jong Un. The United Nations estimates that North Korean attackers have already stolen up to $3 billion worth of cryptocurrency through targeted campaigns.

These state-sponsored actors are known to convincingly impersonate recruiters and headhunters to target employees in various sectors of the economy, sometimes even securing employment in US firms to carry out malicious activities.

This latest wave of attacks is expected to be particularly challenging to detect, necessitating increased vigilance among employees of cryptocurrency firms to watch for any suspicious activities. The FBI emphasizes the need for continuous monitoring, as even individuals well-versed in cybersecurity practices may fall prey to North Korea’s persistent efforts to compromise networks linked to cryptocurrency assets.

Regarding the social engineering tactics to watch out for, the FBI warns that attackers are likely to conduct thorough research on specific DeFi or cryptocurrency-focused businesses and employees, leveraging personal details to craft tailored and appealing scenarios that help build trust with their targets. The attackers may also impersonate known individuals, such as recruiters on professional networking sites, to further deceive their victims.

Once the social relationship is established, the threat actors will move on to the final phase of deploying malware or stealing cryptocurrency. They may ask employees to execute code or download applications on company devices, or to engage in other activities aimed at introducing malicious software into the organization’s network.

To mitigate the risks posed by these attacks, organizations can implement various measures, such as verifying contacts on separate communication platforms, refraining from storing cryptocurrency-related information on Internet-connected devices, and requiring multiple layers of authentication before transferring financial assets. These best practices can help organizations avoid falling victim to the sophisticated schemes orchestrated by North Korean threat actors.
