The FBI has issued a warning that North Korean hackers are aggressively targeting employees in the crypto and decentralized finance sectors to steal company funds.
These cybercriminals use sophisticated social engineering strategies to deceive even technically proficient individuals.
According to an FBI release, North Korean hackers conduct extensive research on their targets, particularly those connected to crypto exchange-traded funds and other related financial products.
The cybercriminals often create fake, “complex and elaborate” scenarios tailored to a victim’s background and interests, such as fictitious job offers or investment opportunities. The FBI notes that these tactics are designed to gain trust and access to company networks.
These malicious cyber actors have been researching various targets linked to crypto ETFs. Their research involved pre-operational preparations, indicating that they may be planning to carry out cyber attacks against companies associated with ETFs or other cryptocurrency-related financial products.
Last week, Microsoft announced that North Korean hackers had exploited a zero-day vulnerability in Chromium’s V8 JavaScript engine to target crypto entities. These hackers siphoned off digital assets from compromised systems by creating fake trading platforms and using the AppleJeus trojan.
Hacker tactics
According to the FBI, these actors use highly elaborate tactics, including impersonating well-known individuals within a company or requesting that employees download malicious applications on devices connected to the company’s network.
These requests appear legitimate, making them difficult to detect.
To mitigate these threats, the FBI advises companies to avoid storing crypto wallet information on internet-connected devices and to implement secure systems for verifying individuals’ identities through separate communication platforms.
Additionally, firms are urged to refrain from conducting pre-employment tests or executing code on company-owned devices, especially when requested by unknown contacts.
In August, cybersecurity expert ZachXBT uncovered a sophisticated scheme in which North Korean IT workers posed as crypto developers and stole $1.3 million from a project’s treasury. The stolen funds were laundered through various transactions, and further investigation revealed a network of over 25 compromised projects and ties to OFAC-sanctioned individuals.
