
FBI Issues Warning on DPRK Social Engineering Schemes on Crypto Firms

The DPRK is using sophisticated tactics to compromise employees of these companies and deploy malware to steal cryptocurrency.

The FBI has revealed that the DPRK (North Korea) is attempting malicious cyber activity against companies associated with crypto ETFs.

Additionally, the agency says cryptocurrency and decentralized finance (DeFi) companies need to be aware of the targeted social engineering campaigns conducted by the Democratic People’s Republic of Korea (DPRK or North Korea).

These social engineering schemes are complex and well-tailored to deceive even those with strong cybersecurity practices.

Furthermore, the actors conduct extensive research on potential targets and use personalized fake scenarios to entice employees, often involving offers of new employment or corporate investment. Notably, North Korean malicious cyber actors are adept at impersonating individuals known to the victims, leveraging realistic imagery, and even creating fake websites to appear legitimate.

They communicate fluently and convincingly in English and possess deep knowledge of the technical aspects of the cryptocurrency field. In light of these threats, companies in the cryptocurrency sector must be vigilant and implement mitigation measures to protect themselves and their employees.

The DPRK’s Strategic, Customized Fake Scenarios

North Korean malicious cyber actors meticulously identify their targets, focusing on specific DeFi and cryptocurrency businesses. They painstakingly research the companies’ employees, delving into their social media activity, particularly on professional networking platforms, to gain insights into their personal and professional lives. This meticulous pre-operational research allows them to craft highly personalized attacks.

North Korean actors leverage their research to create bespoke scenarios designed to appeal to individual victims. These scenarios often involve enticing offers, such as new employment opportunities or lucrative investment proposals.

The threat actors may weave in specific personal details, including names, interests, affiliations, and even past events, to create a sense of authenticity and trust.

These carefully constructed scenarios aim to establish prolonged conversations with victims, building rapport and subtly introducing malware. The actors may employ multiple members of their team to sustain engagement, further reinforcing the illusion of legitimacy. They communicate with fluency in English and demonstrate a deep understanding of the cryptocurrency sector, making their tactics even more effective.

Business Impersonation as a Weapon

North Korean actors frequently impersonate individuals known to their targets, ranging from recruiters on professional networking websites to prominent figures in the technology industry. These impersonations are often bolstered by stolen images from open social media profiles, further enhancing the illusion of authenticity, the FBI advised.

The actors may also employ fake images of time-sensitive events to provoke immediate action from victims.

Furthermore, they impersonate recruiting firms or technology companies, creating fake websites designed to mimic legitimate entities. Examples of these fabricated websites were uncovered in the Department of Justice’s October 2023 seizure of 17 North Korean domains.

According to the agency, one warning sign is unexpected contact from individuals claiming to represent reputable companies or offering tempting investment opportunities. Moreover, if someone appears to know an unusual amount about your personal and professional life, it could be a sign of social engineering.

Additionally, avoid clicking on links from suspicious sources, especially if they claim to offer rewards or exclusive information, it says.
