The Federal Bureau of Investigation (FBI) has issued a public service announcement (PSA) on the Democratic People’s Republic of Korea’s (DPRK) aggressive targeting of crypto resources. The PSA comes as state-backed hackers have been seen increasing the persistence, scale and sophistication of their efforts against sectors such as cryptocurrency exchange-traded funds (ETFs) in recent months. Fortunately, the FBI also uses its PSA to describe some of the social engineering tactics to be aware of, along with mitigations. It also explains what to do if you think you’ve been a victim of malicious DPRK cyber actors.
According to the FBI statement, the DPRK’s latest digital attack is “complex and elaborate, often engaging victims with sophisticated technical acumen.” Individuals and companies in the decentralized finance (DeFi) sector are now favored targets. Malicious cyber actors have also been observed researching and preparing to go after targets related to cryptocurrency exchange-traded funds (ETFs), so if you work with ETFs, you should be more careful than ever. That said, the DPRK is happy to steal cryptocurrency funds from anywhere.
One of the hallmarks of this new wave of malicious cyber activity from the DPRK is the extensive research carried out before an attempted heist. For social engineering purposes, malicious actors “will seek out potential victims by reviewing social media activity, particularly on professional networks or employment-related platforms.” So watch which platforms you’re LinkedOn (ahem) to, and be mindful of how much detail you’re communicating and sharing.
In addition to spending time cultivating topics and conversations with intended victims, DPRK agents sometimes impersonate people a victim knows of (e.g., a prominent professional) or knows directly. Those looking for a career change may be particularly vulnerable, as the FBI says DPRK agents also impersonate recruitment companies.
Besides being generally aware of cyber security, what can you do? Some particular indicators to watch out for include requests to download apps or code, pre-employment tests that involve “running non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories,” and unrealistically generous employment or investment offers. Here’s an example of a software engineer who facilitated the loss of $600 million to DPRK hackers after responding to a job offer and filling out an online form.
Suggested mitigations include establishing a way to verify a contact’s identity before continuing communications, protecting crypto wallet information, using multi-factor authentication methods, and more. Many of the mitigations sound like common technological sense, but we think the full FBI list is worth reviewing for anyone.
If worst comes to worst and you’re reading the FBI’s PSA because you think you or your company has fallen victim to one of the social engineering tactics discussed above, there are several steps you should take. First, disconnect any devices you suspect are affected from the Internet. Do not disable them, as the FBI is interested in “accessing recoverable malware artifacts.” You are then encouraged to contact the FBI/police with as many details as possible regarding the incident.
North Korea is thought to use cryptocurrencies as a way to circumvent US sanctions and finance investments in weapons research and development.