The FBI has raised alarms about an escalating threat from North Korean hackers targeting decentralized finance (DeFi) platforms with sophisticated social engineering attacks.
At a Glance
- North Korean hackers engage in social engineering to target DeFi platforms.
- Malware deployment aims to steal critical crypto assets.
- These attacks are highly personalized and difficult to detect.
- Organizations managing significant cryptocurrency volumes are at risk.
- The FBI advises vigilance and advanced security measures to combat these threats.
Increasing Threat from North Korea
The FBI has issued a stark warning regarding North Korean hacking groups targeting cryptocurrency companies and their employees through sophisticated social engineering tactics. The hackers use various psychological techniques to exploit human error, aiming to gain access to DeFi platforms and divert valuable assets.
The social engineering attacks often involve carefully tailored communication, such as fake job offers or investment opportunities. These tactics rely on the hackers’ substantial technical knowledge and advanced language skills, making it exceedingly difficult for even experienced cybersecurity professionals to detect and counteract these attacks.
How the Hacks Work
North Korean cyber actors invest significant effort into researching their targets, particularly individuals linked to cryptocurrency exchange-traded funds (ETFs) and other financial instruments. They impersonate trusted contacts or known figures in the cryptocurrency space on professional networking sites. Victims often receive detailed communications in fluent English designed to initiate prolonged discussions and build rapport over time.
“North Korean malicious cyber actors routinely impersonate a range of individuals, including contacts a victim may know personally or indirectly. Impersonations can involve general recruiters on professional networking websites, or prominent people associated with certain technologies,” per the FBI.
The attackers frequently use cleverly engineered phishing schemes, such as offers of new employment or investment opportunities, which include malware payloads disguised as pre-employment tests, job offers, or video conference invitations. This malware, once installed, enables them to pilfer significant quantities of cryptocurrency from compromised accounts.
Notable Incidents and Financial Fallout
Over the past several years, North Korean hacking groups have successfully stolen significant amounts of cryptocurrency. Notable heists include breaches of the Harmony blockchain bridge, Nomad bridge, Qubit Finance bridge, Atomic Wallet, AlphaPo, and CoinsPaid. The largest hack attributed to these groups was the $620 million theft from Axie Infinity’s Ronin network bridge.
“In 2022 alone, North Korean threat actors were accused of stealing $1.7 billion in cryptocurrency, equivalent to 5% of the country’s economy or 45% of its military budget,” Recorded Future said.
Since 2017, an estimated $3 billion worth of cryptocurrency has been stolen by North Korean cyber actors. This extensive financial damage has spurred the FBI to issue focused advisories highlighting the growing sophistication and persistence of these cybercriminal efforts.
The #FBI is warning about North Korea's attempts to aggressively target the #crypto industry with well-disguised social engineering attacks. Learn about their tactics and how to prevent an intrusion in this latest #IC3 public service announcement. https://t.co/HLN08Pm02D pic.twitter.com/tZlm5XEWiN
— FBI Springfield (@FBISpringfield) September 5, 2024
Staying Vigilant and Enhancing Security
The FBI’s latest public service announcement emphasizes several key strategies for mitigating the risk of these advanced social engineering attacks. These include verifying contacts through separate communication channels, avoiding the storage of sensitive data on internet-connected devices, implementing multiple authentication factors for financial transactions, and funneling business communications into secure, closed platforms.
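Two of the strategies above, multiple authentication factors for financial transactions and a separate channel for verification, can be enforced mechanically at the point where a transfer is released. The following is an added illustration, not code from the FBI advisory or from any platform named in the article; the method names, the $100,000 threshold, the one-hour approval window and the employee ids are assumptions chosen for the example. The idea it demonstrates is that a high-value transfer must be approved by two different people, at least one of them over a channel that a compromised workstation cannot reach, so malware delivered through a fake job offer to a single employee's machine cannot release funds on its own.

```python
"""
Illustrative M-of-N approval policy for outbound crypto transfers.
Added example, not from the FBI advisory or the article; all names,
thresholds and scenarios are constructed for the illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Approval methods grouped by whether they are supplied from the user's
# workstation (in-band) or over a channel the workstation cannot reach
# (out-of-band). Malware on a workstation can only produce in-band approvals.
IN_BAND = {"password", "totp", "hardware_key"}
OUT_OF_BAND = {"phone_callback", "dedicated_signing_device"}


@dataclass(frozen=True)
class Approval:
    approver: str        # employee id (assumed naming)
    method: str          # one of IN_BAND | OUT_OF_BAND
    at: datetime         # when the approval was recorded


@dataclass
class TransferRequest:
    request_id: str
    amount_usd: float
    destination: str
    approvals: list = field(default_factory=list)


@dataclass(frozen=True)
class Policy:
    high_value_usd: float = 100_000.0          # assumed threshold for stricter rules
    approvers_required: int = 2                # distinct people for a high-value transfer
    approval_window: timedelta = timedelta(hours=1)


def evaluate(req: TransferRequest, policy: Policy, now: datetime) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). An empty reasons list means every check passed."""
    reasons: list[str] = []
    # Only approvals inside the window count; stale or future-dated ones are dropped.
    fresh = [a for a in req.approvals
             if timedelta(0) <= now - a.at <= policy.approval_window]
    if len(fresh) < len(req.approvals):
        reasons.append("stale or future-dated approvals ignored")
    for a in fresh:
        if a.method not in IN_BAND | OUT_OF_BAND:
            reasons.append(f"unknown approval method {a.method!r}")
    high_value = req.amount_usd >= policy.high_value_usd
    approvers = {a.approver for a in fresh}
    needed = policy.approvers_required if high_value else 1
    if len(approvers) < needed:
        reasons.append(f"need {needed} distinct approver(s), have {len(approvers)}")
    if high_value:
        # One approval must arrive over a channel independent of any workstation.
        if not any(a.method in OUT_OF_BAND for a in fresh):
            reasons.append("high-value transfer requires an out-of-band approval")
        # And one must be backed by a hardware key rather than a phishable secret.
        if not any(a.method == "hardware_key" for a in fresh):
            reasons.append("high-value transfer requires a hardware-key approval")
    return (not reasons, reasons)


def demo() -> dict[str, bool]:
    """Constructed scenarios; returns {request_id: allowed}."""
    now = datetime(2024, 9, 5, 12, 0)
    policy = Policy()
    # tx-1: one employee's workstation supplies password + TOTP for a large
    # transfer. A single machine compromised by malware could do exactly this.
    single = TransferRequest("tx-1", 250_000, "addr-constructed-1", [
        Approval("alice", "password", now - timedelta(minutes=5)),
        Approval("alice", "totp", now - timedelta(minutes=4)),
    ])
    # tx-2: two people, one hardware key, one phone callback -> allowed.
    proper = TransferRequest("tx-2", 250_000, "addr-constructed-2", [
        Approval("alice", "hardware_key", now - timedelta(minutes=5)),
        Approval("bob", "phone_callback", now - timedelta(minutes=2)),
    ])
    # tx-3: same as tx-2, but the out-of-band approval is three hours old.
    stale = TransferRequest("tx-3", 250_000, "addr-constructed-3", [
        Approval("alice", "hardware_key", now - timedelta(minutes=5)),
        Approval("bob", "phone_callback", now - timedelta(hours=3)),
    ])
    # tx-4: small transfer, a single in-band approval is sufficient.
    small = TransferRequest("tx-4", 500, "addr-constructed-4", [
        Approval("alice", "totp", now - timedelta(minutes=1)),
    ])
    return {r.request_id: evaluate(r, policy, now)[0]
            for r in (single, proper, stale, small)}


if __name__ == "__main__":
    for request_id, allowed in demo().items():
        print(request_id, "allowed" if allowed else "denied")
```

The design choice worth noting is that the policy reasons about where an approval came from, not just how many there are: two factors typed into the same compromised laptop are still one channel, which is why the out-of-band requirement is separate from the approver count.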
“Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets,” said the FBI.
Organizations involved with substantial quantities of cryptocurrency are urged to raise awareness among employees about the signs of potential social engineering attempts and increase overall security measures accordingly.
The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. https://t.co/trqMcFHJGg
— BleepingComputer (@BleepinComputer) September 3, 2024