North Korean hackers target crypto companies

The FBI released a public service announcement today, explaining how the DPRK is aggressively targeting the crypto industry. In the announcement, the FBI mentioned that the Democratic People's Republic of Korea (DPRK) is using social engineering methods to attack crypto companies.

These social engineering campaigns are highly customized and difficult to identify. DPRK targets employees of decentralized finance and cryptocurrency-related businesses to deploy malware and steal company crypto assets.

North Korean cyber actors are known for their covert research on potential targets. They often engage in extensive pre-operative planning to set up highly personalized scenarios to deceive their victims. These situations include fake job offers or investment tailored to the victim's background and needs.

They pose as developers with extensive experience, which makes them look like ideal candidates and gives them a way into an organization. They build well-structured, highly customized YouTube profiles and create fake IDs, including passports and other national ID cards. The pre-operation research at this stage covers the details so thoroughly that it becomes impossible to identify the real person behind the persona.


On August 15th, ZachXBT, a popular crypto researcher, shared a similar incident in which a crypto firm asked for help after losing $1.3M to an exploit. Zach said he did not know how many of the team's devs were in fact DPRK IT workers. He also shared that he had found more than 25 crypto projects where these DPRK devs were active.

The FBI also identified and shared indicators of these North Korean social engineering attempts. The unsolicited job offers include unusually high compensation, investment proposals, and senior roles designed to stand out from other offers. The actors ask targets to use non-standard software for simple tasks, or redirect the conversation to other messaging platforms and then send unexpected links or attachments.

The FBI has recommended several practices for crypto companies to mitigate these risks. Organizations should develop multiple methods to verify the identity of contacts and should prevent code execution on company-owned devices during pre-employment tests. Every crypto organization must have processes in place to verify and validate every transaction and smart contract before it is signed. The FBI also recommends that a company device suspected of being compromised in such a social engineering campaign be disconnected from the network and the Internet immediately, and that an FIR be filed with law enforcement without delay.