North Korea has been running highly sophisticated social engineering schemes designed to crack the security measures of crypto and decentralized finance (DeFi) firms, according to the U.S. Federal Bureau of Investigation (FBI).
A new FBI public service announcement indicates North Korean cyber criminals target specific employees at firms connected to crypto exchange-traded funds (ETFs).
“Before initiating contact, the actors scout prospective victims by reviewing social media activity, particularly on professional networking or employment-related platforms.
North Korean malicious cyber actors incorporate personal details regarding an intended victim’s background, skills, employment, or business interests to craft customized fictional scenarios designed to be uniquely appealing to the targeted person.”
The FBI says fake scenarios often include new job opportunities or promises of corporate investment. North Korean cyber criminals can speak fluent English, demonstrate crypto technical prowess and will often reference obscure, highly targeted personal information designed to feign legitimacy, according to the law enforcement agency.
“The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting.”
The FBI says red flags include:
- “Requests to execute code or download applications on company-owned devices or other devices with access to a company’s internal network.
- Requests to conduct a ‘pre-employment test’ or debugging exercise that involves executing non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories.
- Offers of employment from prominent cryptocurrency or technology firms that are unexpected or involve unrealistically high compensation without negotiation.
- Offers of investment from prominent companies or individuals that are unsolicited or have not been proposed or discussed previously.
- Insistence on using non-standard or custom software to complete simple tasks easily achievable through the use of common applications (i.e. video conferencing or connecting to a server).
- Requests to run a script to enable call or video teleconference functionalities supposedly blocked due to a victim’s location.
- Requests to move professional conversations to other messaging platforms or applications.
- Unsolicited contacts that contain unexpected links or attachments.”
The FBI recommends that crypto firm employees verify the identities of their contacts through other communication platforms and avoid taking pre-employment tests for potential new jobs on existing work laptops.
The agency also suggests firms keep information about crypto wallets offline; install multiple factors of authentication to move corporate financial assets; limit access to sensitive network documentation; funnel business communications to closed platforms that require in-person authentication; and disable email attachments by default on company devices.
Generated Image: Midjourney