North Korean Hackers Targeting Crypto Firms
The FBI has issued a public service announcement today explaining how the DPRK is aggressively targeting the crypto industry. In the announcement, the FBI states that the Democratic People’s Republic of Korea (DPRK) is using social engineering schemes to target crypto companies.
These social engineering campaigns are highly tailored and difficult to detect. The DPRK targets employees of decentralized finance and cryptocurrency-related businesses to deploy malware and steal the company’s crypto assets.
North Korean cyber actors are known for their thorough research on potential targets. They often engage in extensive pre-operational planning to craft highly personalized scenarios that deceive the victims. These scenarios involve fake offers of employment or investment tailored to the background and interests of the victim.
To penetrate an organization, they apply for a developer job with fabricated high-end work experience that makes them look like the perfect candidate. They create well-structured, highly tailored GitHub profiles and fake identities, including passports and other national ID cards. The pre-operational research is so detailed that it becomes impossible to identify the real person behind the persona.
On Aug 15, ZachXBT, a renowned crypto researcher, shared a similar incident in which a crypto organization asked for his help after it lost $1.3M in an exploit. Zach shared that the team was unaware it had hired multiple DPRK IT workers as developers. He also shared that he had found more than 25 crypto projects where these DPRK developers were active.
The FBI has identified and shared several indicators of North Korean social engineering attempts. These include unsolicited employment offer letters with very high compensation, investment proposals, and job applications that cite high experience to stand out from other candidates. The actors insist on using non-standard software for simple tasks, or request to move the conversation to other messaging platforms and then send unexpected links or attachments.
The FBI has recommended several practices to crypto firms to mitigate these threats. Organizations should develop multiple methods to verify contacts’ identities and avoid executing code on company-owned devices during pre-employment tests. Every crypto firm must have procedures to check and validate every transaction and smart contract before signing it. The FBI also recommends that if a company device is suspected to have been impacted by such a social engineering campaign, it should be immediately disconnected from the company’s servers and the internet, and an FIR should be filed with the law enforcement agency without delay.