The Federal Bureau of Investigation (FBI) issued a warning about North Korea's aggressive targeting of the crypto industry on Sept. 3.
The agency detailed the sophisticated social engineering campaigns conducted by North Korean actors against employees of crypto-related businesses, notably DeFi applications.
The report highlighted that North Korean actors have been researching targets related to crypto exchange-traded funds (ETFs) in recent months, suggesting potential future attacks on companies associated with crypto ETFs or other crypto-related financial products.
Moreover, the FBI calls North Korean actors' tactics “complex and elaborate,” highlighting that they aim to trick employees using social engineering to then deploy malware capable of stealing crypto.
The FBI then warns crypto companies:
“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products.”
The report added that even cybersecurity-savvy individuals can be victims of North Korea's determined efforts to compromise networks connected to crypto.
A report published by Recorded Future on Nov. 30, 2023, and conducted by the Insikt Group estimated that the North Korean group of hackers Lazarus Group stole $3 billion in crypto from 2017 to 2023. The amount emphasizes how effective the North Korean actors' methods are.
Most used tactics
The FBI outlined several tactics used by North Korean actors, including extensive pre-operational research, individualized fake scenarios, and impersonations of legitimate entities or individuals.
Notably, the scouting performed by these actors before starting to execute the social engineering attacks target not only a couple of employees but dozens of them.
The FBI explains that individualized fake scenarios often include offers of new employment or corporate investment, using personal information to build rapport with the potential victim.
Furthermore, the North Korean actors can also emulate “a range of individuals” to help them get the victims' trust, including recruiters and technology companies.
To mitigate risks, the FBI recommends developing unique identity verification methods, avoiding storage of crypto wallet information on internet-connected devices, and implementing multi-factor authentication for financial asset movements.
The agency urges victims of suspected North Korean cyber activities to disconnect affected devices immediately, file a complaint through the FBI Internet Crime Complaint Center, and provide detailed information to law enforcement.