FBI finds North Korea aggressively targeting crypto businesses

The Federal Bureau of Investigation (FBI) has released an advisory stating that North Korea has been aggressively targeting cryptocurrency businesses and companies with sophisticated social engineering tactics to then deploy malware and steal funds.

According to the agency, North Korean cyber forces have been researching cryptocurrency exchange-traded funds (ETFs) in recent months, possibly preparing for cyberattacks on companies linked to ETFs or other cryptocurrency financial products. These state-sponsored groups are referred to as threat actors across the FBI’s Internet Crime Complaint Center (IC3).

FBI wary of North Korean crypto attacks

The FBI advisory released Tuesday (Sep 3) says that even those with technical acumen can fall prey to the threat actors working on behalf of North Korea.

The advisory states: “North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”

North Korea has led several cyber attacks in the past year that have targeted American and international digital infrastructure, with a renewed focus on cryptocurrency. IC3 released a comprehensive breakdown of some processes employed by these threat actors when deploying malicious software.

These entities work using three key strategies outlined in the FBI advisory: extensive pre-operational research, individualized fake scenarios, and impersonations. This can be seen in the activity of well-known hacker groups from North Korea, such as Lazarus.

The pre-operational research includes the threat actors highlighting businesses to target and mimicking their employees to gain access to the company’s network. They scan social and professional networks for these target employees before attempting to gain access to the inner workings of the company.

The individualized fake scenarios include threat actors masquerading as prospective employers or investors in the crypto field who attempt to build a rapport with target victims before deploying malware.

This activity is directly linked to the impersonations described in the FBI’s advisory, in which the actors also attempt to clone or hide their activity under false pretenses. The advisory highlights, “The actors usually communicate with victims in fluent or nearly fluent English and are well versed in the technical aspects of the cryptocurrency field.”

How to identify social engineering attempts

The FBI has identified the following indicators that could flag social engineering activity by North Korean threat actors or help preempt a targeted attack:

  • Requests to execute code or download applications on company-owned devices or other devices with access to a company’s internal network.
  • Requests to conduct a “pre-employment test” or debugging exercise that involves executing non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories.
  • Offers of employment from prominent cryptocurrency or technology firms that are unexpected or involve unrealistically high compensation without negotiation.
  • Offers of investment from prominent companies or individuals that are unsolicited or have not been proposed or discussed previously.
  • Insistence on using non-standard or custom software to complete simple tasks easily achievable through the use of common applications (i.e. video conferencing or connecting to a server).
  • Requests to run a script to enable call or video teleconference functionalities supposedly blocked due to a victim’s location.
  • Requests to move professional conversations to other messaging platforms or applications.
  • Unsolicited contacts that contain unexpected links or attachments.
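
For the “pre-employment test” indicator, one check a recipient can make before installing anything is to list the code that would run automatically at install time. The following Python script is an added example, not taken from the FBI advisory or this article, and goes beyond the advisory text; the function names, the hook list and the sample repository are assumptions constructed for illustration.

```python
import json
import os
import tempfile

# npm runs these lifecycle scripts automatically during `npm install`.
NPM_AUTO_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_auto_run_code(project_dir):
    """Return (relative_path, hook, command) for code that runs at install time.

    Files are only read, never executed.
    """
    findings = []
    for root, _dirs, files in os.walk(project_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, project_dir)
            if name == "package.json":
                try:
                    with open(path, encoding="utf-8") as fh:
                        manifest = json.load(fh)
                except (OSError, ValueError):
                    # A manifest that cannot be parsed deserves a manual look.
                    findings.append((rel, "unparseable", ""))
                    continue
                scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
                if isinstance(scripts, dict):
                    for hook in NPM_AUTO_HOOKS:
                        if hook in scripts:
                            findings.append((rel, hook, str(scripts[hook])))
            elif name == "setup.py":
                # pip executes setup.py when installing a package from source.
                findings.append((rel, "setup.py", "runs on pip install"))
    return sorted(findings)


def demo():
    # Constructed sample: a "coding test" repo with an install hook in a nested package.
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "lib", "helper"))
        with open(os.path.join(tmp, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": "coding-test", "scripts": {"test": "jest"}}, fh)
        with open(os.path.join(tmp, "lib", "helper", "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": "helper", "scripts": {"postinstall": "node setup.js"}}, fh)
        return find_auto_run_code(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An empty result only rules out these install-time hooks; the test code itself still runs with the user's privileges once started, so unknown projects belong on an isolated machine with no access to company networks or wallets.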


Brian-Damien Morgan
Tech Journalist
