Crypto Gloom

North Korean Hackers Target Cryptocurrency Companies

The FBI issued a public service announcement today explaining how the DPRK is aggressively targeting the cryptocurrency industry. The FBI stated in the release that the DPRK is using a social engineering scheme to target cryptocurrency companies.

These social engineering campaigns are highly customized and difficult to detect. The DPRK targets employees of decentralized finance and cryptocurrency businesses to distribute malware and steal the companies’ cryptocurrency assets.

North Korean cyber actors are known for their careful research on potential targets. They often engage in extensive pre-operation planning to create highly personalized scenarios to deceive their victims. These scenarios include fake job or investment offers tailored to the victim’s background and interests.

To infiltrate an organization, they apply for a developer job, presenting advanced work experience that makes them look like a perfect candidate. They create fake identities, including well-structured and highly customized GitHub profiles, passports, and other national IDs. The pre-operational research is so detailed that it is impossible to identify the real person.

On August 15, ZachXBT, a prominent cryptocurrency researcher, shared a similar incident where a crypto organization asked for help after losing $1.3 million in an exploit. Zach shared that he was unaware that the team had hired several DPRK IT workers as developers. He also shared that he had found over 25 crypto projects where these DPRK developers were active.

The agency has identified and shared several indicators of North Korean social engineering efforts, including unsolicited job offers with extremely high compensation, investment proposals, and applications for jobs with high experience to stand out from other applicants. The actors insist on using non-standard software for simple tasks, or ask people to move their conversations to other messaging platforms and then send unexpected links or attachments.

The FBI recommends several practices for cryptocurrency companies to mitigate these threats. Organizations should develop a variety of methods to verify the identity of contacts and should ensure that no code is run on company-owned devices during pre-employment testing. All cryptocurrency companies should have procedures in place to verify and validate all transactions and smart contracts before signing them. The FBI also recommends that if a company device is suspected of being affected by such a social engineering campaign, it should be immediately removed from servers and the internet, and an FIR should be filed immediately with law enforcement.