FBI finds North Korea aggressively targeting crypto businesses

The Federal Bureau of Investigation (FBI) has released an advisory stating that North Korea has been aggressively targeting cryptocurrency businesses and companies with sophisticated social engineering tactics to then deploy malware and steal funds.

According to the agency, North Korean cyber forces have been researching cryptocurrency exchange-traded funds (ETFs) in recent months, possibly preparing for cyberattacks on companies linked to ETFs or other cryptocurrency financial products. These groups, sponsored by the states, are known as threat actors across the FBI’s Internet Crime Complaint Center (IC3).

FBI wary of North Korean crypto attacks

The FBI advisory released Tuesday (Sep 3) says that even those with technical acumen can fall prey to the threat actors working on behalf of North Korea.

The advisory states: “North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”

North Korea has led several cyber attacks in the past year that have targeted American and international digital infrastructure, with a renewed focus on cryptocurrency. IC3 released a comprehensive breakdown of some processes employed by these threat actors when deploying malicious software.

These entities work using three key strategies outlined in the FBI advisory: extensive pre-operational research, individualized fake scenarios, and impersonations. This can be seen in the activity of well-known hacker groups from North Korea, such as Lazarus.

The pre-operational research includes the threat actors highlighting businesses to target and mimicking their employees to gain access to the company’s network. They scan social and professional networks for these target employees before attempting to gain access to the inner workings of the company.

The individualized fake scenarios include threat actors masquerading as prospective employers or investors in the crypto field who attempt to build a report with target victims before deploying malware.

This activity is directly linked to the FBI’s advisory on Impersonations, which also attempts to clone or hide their activity under false pretenses. The advisory highlights, “The actors usually communicate with victims in fluent or nearly fluent English and are well versed in the technical aspects of the cryptocurrency field.”

How to identify social engineering attempts

The FBI has identified the following indicators that could flag malicious or preempt a targeted attack by North Korean threat actors, named social engineering activity:

• Requests to execute code or download applications on company-owned devices or other devices with access to a company’s internal network.
• Requests to conduct a “pre-employment test” or debugging exercise that involves executing non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories.
• Offers of employment from prominent cryptocurrency or technology firms that are unexpected or involve unrealistically high compensation without negotiation.
• Offers of investment from prominent companies or individuals that are unsolicited or have not been proposed or discussed previously.
• Insistence on using non-standard or custom software to complete simple tasks easily achievable through the use of common applications (i.e. video conferencing or connecting to a server).
• Requests to run a script to enable call or video teleconference functionalities supposedly blocked due to a victim’s location.
• Requests to move professional conversations to other messaging platforms or applications.
• Unsolicited contacts that contain unexpected links or attachments.

Image: Pixlr.

The post FBI finds North Korea aggressively targeting crypto businesses appeared first on ReadWrite.