A newly published public service warning from the U.S. Federal Bureau of Investigation, alert number I-090324-PSA, describes ongoing and aggressive attacks designed to steal cryptocurrency. The highly tailored and difficult-to-detect social engineering campaigns are, the FBI said, being conducted by state-sponsored hackers affiliated with the Democratic People’s Republic of Korea. The North Korean attacks are aimed primarily at employees of crypto and finance companies, in particular “organizations with access to large quantities of cryptocurrency-related assets or products.”
Even Those Well Versed In Cybersecurity At Risk, FBI Warns
The FBI has said that the North Korean crypto-stealing campaign is complex, elaborate, and persistent. This means that even victims with considerable technical acumen and cybersecurity skills are vulnerable to compromise. As such, the determination of the state-sponsored attackers to compromise networks associated with crypto assets should not be underestimated.
An FBI investigation into a number of such targets related to crypto exchange-traded funds carried out over recent months suggests that “North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial products.” The FBI alert emphasized that the threat actors conduct extensive pre-operational research before striking. This includes a thorough social media review, especially on professional networking platforms.
The FBI said that hackers “incorporate personal details regarding an intended victim’s background, skills, employment, or business interests” to build convincing scenarios that can be used to fool the target. One scenario that has been used repeatedly is a fake offer of employment or investment, with the aim of initiating a prolonged conversation with the victim. Such persistence is required to build trust and make the endgame of dropping malware that much easier. The FBI has warned that North Korean criminals can communicate in fluent English, including highly technical language covering the crypto landscape.
What To Watch Out For: Indicators Of Crypto Attack Activity
The FBI alert includes a brief list of the most likely potential indicators of North Korean threat actor activity used in executing crypto-stealing phishing attacks. As such, people are warned to look out for requests to download applications on devices connected to the company network. Requests to complete some form of pre-employment test have also been used, along with debugging exercises that execute non-standard scripts. Unexpected offers of employment from well-known crypto or tech firms, especially when accompanied by an unrealistic salary offer, should be treated with the utmost caution. The same caution should apply to spontaneous offers of investment.
Do These Four Things Now
To mitigate the undoubted risk that these teams of North Korean social engineers pose, the FBI recommends a number of best practice suggestions:
- If an initial contact is made via a professional networking or employment site, ensure you confirm the request using either a live video call or a different messaging platform. Communications should be funneled to closed platforms and ideally require in-person authentication before adding anyone to an internal platform.
- Don’t store any information concerning crypto wallets, including logins, passwords, seed phrases, IDs and the like, on devices that are connected to the internet. Do require multiple factors of authentication, along with “approvals from several different unconnected networks” before moving any financial assets.
- Limit any access to sensitive network information and company code repositories and rotate security checks on authentication and approval process-related devices on a regular basis.
- Do not allow pre-employment testing or code execution on company laptops; instead, insist on using a virtual machine or a device that has been provided in person by the tester.
The FBI recommends that if you think such a campaign may have targeted you then report it by filing a detailed complaint at the FBI Internet Crime Complaint Center.