Article Details

North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns. Feds warn of 'highly tailored, difficult-to-detect social engineering campaigns'. The FBI has warned that North Korean operatives are plotting "complex and elaborate" social engineering attacks against employees of decentralized finance (DeFi) organizations, as part of ongoing efforts to steal cryptocurrency. State-sponsored crews have researched targets connected to cryptocurrency exchange-traded funds, and conducted other reconnaissance work, we're told. This suggests that North Korea is likely to attempt "highly tailored, difficult-to-detect social engineering campaigns" against cryptocurrency-related businesses in the near future, the American investigative agency wrote on Tuesday. The scammers display such "sophisticated technical acumen" that victims may not even realize they’ve been attacked until it's too late. \ North Korea has for years tried to steal assets from cryptocurrency outfits because international sanctions designed to stop it developing weapons of mass destruction mean the murderous autocracy is all-but excluded from the global financial system. The nation has found cryptocurrency helps it get around those restrictions, so has launched many campaigns to acquire digi-dollars. The FBI has now warned that those efforts have become more refined. "Given the scale and persistence of this malicious activity, even those well-versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets," the FBI warned. Here's how the social engineering attacks typically go down. North Korean cyber criminals scout out their targets by stalking would-be victims' social media accounts, "particularly on professional networking or employment-related platforms." These services and job boards are familiar territory for Pyongyang's hackers. Previously, they've used fake LinkedIn job ads and posed as both jobseekers and/or employers to trick victims into downloading infostealers and other malware from malicious GitHub repos. Kim Jong Un’s cyber-scourges next initiate conversations with targets they’ve identified. Correspondence is sent in English and displays strong knowledge of crypto-related industries. Sometimes the crims pose as a mutual professional connection, an employee of a well-known company, or a recruiter. Whatever ruse they use, the goal is delivering malware in a way that "may appear natural and non-alerting." The scammers aren't afraid to play a long game. "If successful in establishing bidirectional contact, the initial actor, or another member of the actor's team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust," according to the FBI. The FBI has also compiled a list of potential indicators that a North Korean social engineer is attempting to scam you: If you experience, or have experienced, any of these things, isolate potentially compromised devices ASAP and contact the FBI's Internet Crime Complaint Center along with local law enforcement agencies. And as a general rule, don't download documents, GitHub packages, or other files from someone you meet on LinkedIn. And, sadly, unsolicited job offers from well-known tech firms that offer compensation packages that seem too good to be true, probably always are.