The FBI has issued a warning that North Korean hackers are aggressively targeting employees in the crypto and decentralized finance sectors to steal company funds.
These cybercriminals use sophisticated social engineering strategies that can fool even the most technically skilled people.
According to a statement released by the FBI, North Korean hackers are conducting extensive research, focusing in particular on targets linked to cryptocurrency exchange-traded funds and other related financial products.
Cybercriminals often create fake, “complex and elaborate” scenarios tailored to the victim’s background and interests, such as fictitious job offers or investment opportunities. The FBI says these tactics are designed to build trust and gain access to corporate networks.
These malicious cyber actors have been researching various targets associated with crypto ETFs. That research included pre-operational preparations, indicating that they may be planning to conduct cyberattacks against companies associated with ETFs or other cryptocurrency-related financial products.
Last week, Microsoft announced that North Korean hackers were targeting crypto assets by exploiting a zero-day vulnerability in Chromium’s V8 JavaScript engine. The hackers were able to exfiltrate digital assets from compromised systems by creating fake trading platforms and using the AppleJeus trojan.
Hacker tactics
According to the FBI, these attackers use elaborate tactics, such as impersonating well-known figures within the company or asking employees to download malicious apps onto devices connected to the company’s network.
These requests appear legitimate, making them difficult to detect.
To mitigate these threats, the FBI advises companies to avoid storing crypto wallet information on internet-connected devices and implement secure systems to verify individuals’ identities through separate communication platforms.
Additionally, companies are urged to refrain from conducting pre-employment tests or running code on company-owned devices, especially when requested by unknown parties.
In August, cybersecurity expert ZachXBT uncovered a complex scheme in which North Korean IT workers posed as crypto developers to steal $1.3 million from a project’s treasury. The stolen funds were laundered through a variety of transactions, and further investigation revealed connections to more than 25 compromised projects and OFAC-sanctioned individuals.