The United States Imposes Sanctions on Three North Korean Hacking Groups
Last updated September 28, 2021
North Korean threat actors were seen aggressively targeting the cryptocurrency industry via sophisticated social engineering tactics to infiltrate and compromise decentralized finance (DeFi), cryptocurrency firms, and related entities, per a warning advisory issued by the Federal Bureau of Investigation (FBI).
According to the FBI, North Korean hackers conduct in-depth surveillance on their potential victims, often associated with DeFi or cryptocurrency sectors. These threat actors create individualized, fake scenarios usually centered around new employment opportunities or corporate investments.
The actors engage in extended conversations to build trust before deploying malware, so that the interaction seems natural and non-threatening. They often impersonate known contacts using realistic images, including photos stolen from social media, to further the deception.
The actors may also impersonate recruiting firms or technology companies backed by false professional websites, such as the 17 North Korean domains seized in October 2023.
Ultimately, victims are asked to run code or applications on company devices, or to open non-standard coding tests, unsolicited employment offers, and suspicious links or attachments.
Social engineering is just one option for these actors. Other campaigns may include supply chain attacks that deploy malware, attacks on smart contracts through reentrancy or flash loan exploits, and attacks on decentralized autonomous organizations (DAOs) through governance manipulation.
The FBI also highlights the possibility of these threat actors extending their focus to cryptocurrency exchange-traded funds (ETFs).
Organizations are advised to verify the identity of contacts and avoid sharing sensitive information related to cryptocurrency wallets or running unauthorized code. Enforcing multi-factor authentication (MFA) mechanisms and using secure business communications platforms are also strongly advised.