Cryptocurrency industry faces ‘difficult to detect’ North Korean social engineering scams, FBI says
The FBI is adding “highly tailored, difficult-to-detect social engineering campaigns” to the list of scams and hacks that North Korea aims at decentralized finance (DeFi) operations and similar businesses.
In an alert issued Tuesday, the bureau says that despite the “sophisticated technical acumen” of such companies, they can fall victim to the social engineering schemes, which involve “complex and elaborate” operations to gather information about employees and build rapport with them.
Ultimately, the goal is to “deploy malware and steal company cryptocurrency,” the FBI says.
“Teams of North Korean malicious cyber actors identify specific DeFi or cryptocurrency-related businesses to target and attempt to socially engineer dozens of these companies' employees to gain unauthorized access to the company's network,” the alert says. “Before initiating contact, the actors scout prospective victims by reviewing social media activity, particularly on professional networking or employment-related platforms.”
The FBI offers a laundry list of indicators that something might be up, including requests to use non-standard software for basic tasks when the company already uses a similar product.
Of particular interest are companies that handle cryptocurrency exchange-traded funds (ETFs) and similar financial products, the bureau says.
Western authorities have blamed the North Korean regime for a steady stream of related scams, including attempts to gain employment for fake IT workers, drain funds from play-to-earn games, hack commonly used apps and hide malicious code in repositories used by software developers. Other accusations point to ransomware and money laundering.
“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” the FBI said.
Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years of experience as an editor and writer in the Washington, D.C., area. He previously helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.