On September 03, 2024, the FBI warned cryptocurrency companies about North Korean hackers using social engineering techniques to steal their digital assets.
In a recent public service announcement, the FBI warned cryptocurrency firms about the ongoing threat from North Korean state-sponsored hackers. These threat actors use targeted social engineering techniques to breach networks and steal crypto assets.
Usually, they impersonate legitimate contacts or recruiters to target their victims. Once the hackers gain the victim’s trust, they use malware to steal the data. The hackers are experts in the cryptocurrency field and often speak fluent English, making them seem more credible. The FBI urges the cryptocurrency sector to improve its cybersecurity against these advanced social engineering attacks.
North Korea is linked to multiple cyberattacks targeting cryptocurrency firms, with billions of dollars stolen since 2017. Their state-funded hacking groups, Lazarus Group and Kimsuky, have been involved in high-profile cryptocurrency heists, including the Harmony blockchain bridge breach, in which they stole $100 million in assets.
Read also: Counter spear-phishing with DMARC mitigation methods
The FBI bulletin stated, “North Korean malicious cyber actors routinely impersonate a range of individuals, including contacts a victim may know personally or indirectly. Impersonations can involve general recruiters on professional networking websites or prominent people associated with certain technologies.”
The FBI suggests companies "develop [their] own unique methods to verify a contact’s identity," using "separate unconnected communication platforms." Companies should not "store information about cryptocurrency wallets" like passwords, wallet IDs, or private keys.
The FBI further advised using "multiple factors of authentication and approvals from several different unconnected networks" for any movement of financial assets. Firms with large quantities of cryptocurrency should block devices from "downloading or executing files" unless they come from “specific white-listed programs, and disabling email attachments by default.”
Social engineering attacks use human psychology to gain unauthorized access to networks and data. 98% of cyberattacks rely on social engineering, making it one of the most common tactics. These attacks often involve sending phishing emails to manipulate victims into disclosing confidential information like passwords, usernames, or financial information.
Cryptocurrency is growing in value and global relevance, leading to more cyberattacks. So, North Korean hackers are using sophisticated social engineering techniques to infiltrate their cybersecurity. The FBI's warning suggests threats will increase, especially as more individuals and businesses invest in cryptocurrency.
Cryptocurrency companies must improve their cybersecurity measures to protect themselves against these threats. They should also stay informed about the latest tactics to prevent attacks from these state-sponsored hacking groups.
Phishing attacks usually involve fraudulent emails or messages that appear legitimate, tricking individuals into clicking on malicious links or attachments or disclosing personal information like passwords and financial details.
Common signs include misspelled URLs, urgent requests for sensitive information, unfamiliar senders, or suspicious attachments.
Organizations should verify the identity of contacts using separate, secure platforms, avoid clicking on suspicious links, and use multi-factor authentication for sensitive accounts. They should also be careful of unexpected emails or messages that ask for personal information.
Read also: Tips to spot phishing emails disguised as healthcare communication