North Korean hackers spend hours researching their targets and embark on lengthy conversations before pushing malware to steal victims' funds.
Even though internet access is severely limited for the citizens of the Democratic People's Republic of Korea (DPRK), hacking is among the country's largest exports.
State-sponsored North Korean hackers have been ravaging the crypto industry for years, stealing billions of dollars' worth of crypto. And, according to the FBI, they're getting better at it.
The Bureau claims that the DPRK “is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (DeFi), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.”
Hacker schemes are growing in complexity, sophistication, and intensity. For example, attackers conduct lengthy research into victims with access to crypto exchanges and related networks, making it extremely difficult even for seasoned cybersecurity specialists to see through the deception.
“Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets,” the FBI warned.
How do hackers target crypto insiders?
US authorities note that North Korean malicious actors are well-versed in social engineering tactics. They start with extensive pre-operational research, aimed at identifying specific DeFi or crypto-related businesses.
The overall goal is to find employees within target organizations who could be used to gain access to a company network.
“Before initiating contact, the actors scout prospective victims by reviewing social media activity, particularly on professional networking or employment-related platforms,” the FBI said.
Once attackers pick out target employees, they meticulously craft individualized fake scenarios. North Korean hackers incorporate personal details about the victims, like their background, employment, and skills, to make the scenario as appealing to the target as possible.
If that's not enough, the cybercrooks pepper the scenarios with intricate details such as affiliations, personal relationship details, and other information the victim believes only a few trustworthy people would know.
“The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting,” reads the FBI warning.
What’s worse, attackers communicate in nearly fluent English, coaxing the victims into believing they are discussing a certain matter with a peer. If the initial contact is established successfully, attackers embark on lengthy quests to slowly develop a sense of legitimacy, familiarity, and trust.
To achieve that, attackers often impersonate contacts victims may know. More often than not, attackers pretend to be recruiters or prominent people associated with certain technical fields.
“To increase the credibility of their impersonations, the actors leverage realistic imagery, including pictures stolen from open social media profiles of the impersonated individual. These actors may also use fake images of time-sensitive events to induce immediate action from intended victims,” the Bureau shared.
How to spot a North Korean social engineering attempt?
The authorities noted several trends within the tactics that North Korean hackers use. Crypto industry insiders should exercise extra caution if an individual asks them to execute code or download applications on company-owned devices.
The same goes for requests to “conduct a ‘pre-employment test’ or debugging exercise that involves executing non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories.”
Attackers will often offer employment from a well-established crypto tech company with too-good-to-be-true compensation.
Another red flag is insistence on using non-standard software to complete tasks that are perfectly possible with better-known alternatives. Attackers may also ask the target to run a script or to move professional chats to other messaging platforms.
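The indicators above boil down to one pattern: the target is talked into running code they have not reviewed. The script below is an added example (it is not from the FBI notice or from the article above) of the triage a practitioner can do on a “take-home test” repository before anyone executes it: it flags npm lifecycle hooks that run on `npm install`, dependencies pulled from outside the public registry, install-time Python hooks, and source files that combine dynamic eval, base64 decoding, shelling out, or a very long string literal. The sample repository it scans is constructed inline for the demonstration; the function names, thresholds and patterns are the author's choices, not an FBI recommendation.

```python
"""Pre-flight triage of a 'pre-employment test' repository before anyone runs it.

Added example, not from the FBI notice. A clean scan is not a guarantee; the safe
default for unsolicited code is still a throwaway VM, never a company-owned device.
"""
import json
import os
import re
import tempfile
from pathlib import Path

# npm lifecycle scripts run automatically on `npm install`, before any code review.
NPM_LIFECYCLE = {"preinstall", "install", "postinstall", "prepare", "prepublish"}
# Dependency specs fetched from outside the public registry (git URLs, raw http, local paths).
NON_REGISTRY_DEP = re.compile(r"^(git\+|git:|http://|https://|github:|file:)", re.I)
# Code patterns typical of a dropped loader: dynamic eval + base64 + shelling out.
SUSPICIOUS_CODE = [
    ("dynamic-eval", re.compile(r"\b(eval|Function|exec)\s*\(")),
    ("base64-decode", re.compile(r"(atob\(|Buffer\.from\([^)]*['\"]base64['\"]|b64decode\()")),
    ("shell-exec", re.compile(r"(child_process|subprocess|os\.system|os\.popen)")),
]
SOURCE_EXT = {".js", ".mjs", ".cjs", ".ts", ".py"}
LONG_LITERAL = re.compile(r"'[^'\n]{400,}'|\"[^\"\n]{400,}\"")  # encoded payloads hide here


def _audit_package_json(path: Path, rel: str) -> list[dict]:
    try:
        pkg = json.loads(path.read_text(errors="replace"))
    except json.JSONDecodeError as exc:
        return [{"kind": "unparseable", "file": rel, "detail": str(exc)}]
    out = []
    for name, cmd in (pkg.get("scripts") or {}).items():
        if name in NPM_LIFECYCLE:
            out.append({"kind": "npm-lifecycle-hook", "file": rel, "detail": f"{name}: {cmd}"})
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for dep, spec in (pkg.get(section) or {}).items():
            if NON_REGISTRY_DEP.match(str(spec)):
                out.append({"kind": "non-registry-dep", "file": rel, "detail": f"{dep}: {spec}"})
    return out


def _audit_source(path: Path, rel: str) -> list[dict]:
    text = path.read_text(errors="replace")
    out = [{"kind": kind, "file": rel, "detail": pat.pattern}
           for kind, pat in SUSPICIOUS_CODE if pat.search(text)]
    m = LONG_LITERAL.search(text)
    if m:
        out.append({"kind": "long-string-literal", "file": rel, "detail": f"{len(m.group(0))} chars"})
    if path.name == "setup.py" and "cmdclass" in text:  # custom install command runs on pip install
        out.append({"kind": "install-hook", "file": rel, "detail": "custom cmdclass in setup.py"})
    return out


def audit_take_home(repo_dir: str) -> list[dict]:
    """Return findings as {'kind', 'file', 'detail'} dicts; an empty list means nothing was flagged."""
    root = Path(repo_dir)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or "node_modules" in path.parts:
            continue
        rel = str(path.relative_to(root))
        if path.name == "package.json":
            findings += _audit_package_json(path, rel)
        elif path.name == "requirements.txt":
            for line in path.read_text(errors="replace").splitlines():
                line = line.strip()
                if NON_REGISTRY_DEP.match(line) or ("@" in line and "://" in line):
                    findings.append({"kind": "non-registry-dep", "file": rel, "detail": line})
        if path.suffix in SOURCE_EXT:
            findings += _audit_source(path, rel)
    return findings


# Constructed sample: the shape of a booby-trapped 'coding assignment'. Not a real repository.
SAMPLE_PACKAGE_JSON = {
    "name": "trading-bot-assignment",
    "version": "1.0.0",
    "scripts": {"postinstall": "node scripts/setup.js", "test": "jest"},
    "dependencies": {"express": "^4.18.2",
                     "helper-utils": "git+https://example.invalid/helper.git"},
}
SAMPLE_SETUP_JS = (
    "const p = require('child_process');\n"
    "const blob = '" + "QUJD" * 120 + "';\n"  # 480-char stand-in for an encoded payload
    "eval(Buffer.from(blob, 'base64').toString());\n"
)
SAMPLE_CLEAN_JS = "module.exports = (a, b) => a + b;\n"


def build_sample_repo() -> str:
    """Write the constructed sample to a temp dir and return its path."""
    d = tempfile.mkdtemp(prefix="takehome-")
    os.makedirs(os.path.join(d, "scripts"))
    os.makedirs(os.path.join(d, "src"))
    Path(d, "package.json").write_text(json.dumps(SAMPLE_PACKAGE_JSON, indent=2))
    Path(d, "scripts", "setup.js").write_text(SAMPLE_SETUP_JS)
    Path(d, "src", "add.js").write_text(SAMPLE_CLEAN_JS)
    return d


if __name__ == "__main__":
    for f in audit_take_home(build_sample_repo()):
        print(f"[{f['kind']}] {f['file']}: {f['detail']}")
```

On the constructed sample this reports the `postinstall` hook and the git-sourced dependency from `package.json`, and four findings on `scripts/setup.js` (dynamic eval, base64 decode, `child_process`, and the long literal), while the harmless `src/add.js` produces nothing. Any hit is a reason to stop and ask why an “assessment” needs install-time execution at all; the absence of hits only means the cheap checks passed.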
The FBI also lists its own mitigations to lower the risk from North Korea's social engineering, along with response steps to limit the damage if attackers do manage to infiltrate an organization.