North Korean Hackers Use Social Engineering to Target Crypto Employees, FBI Warns

North Korea is escalating its cyberattacks on the crypto industry, employing sophisticated social engineering tactics to deceive employees and gain access to valuable digital assets, the Federal Bureau of Investigation (FBI) has warned.

These state-sponsored hackers are meticulously researching their targets, often using personal information gleaned from social media to craft highly convincing fake scenarios.

This personal information can include details about events the target has attended, their personal relationships, and their affiliations.

These scenarios may involve lucrative job offers, investment opportunities, or even requests for assistance from seemingly familiar contacts.

The hackers are fluent in English and well-versed in cryptocurrency, making their approaches even more deceptive.

They often initiate contact through professional networking sites or via direct messages on social media platforms, leveraging common interests and connections to establish a sense of trust.

Once they’ve established contact, they build rapport with their victims, often engaging in prolonged conversations to gain trust before deploying malware or other malicious tools.

These tools can be disguised as harmless files or links, or even embedded in seemingly legitimate job applications or investment proposals.

The FBI has observed that these hackers have targeted employees at various levels within cryptocurrency companies, including developers, engineers, and even executives.

They have also been known to impersonate recruiters, investors, and other industry professionals to gain credibility.

The ultimate goal of these attacks is to steal crypto funds, which can then be used to finance North Korea’s illicit activities.

The FBI urges companies and individuals in the crypto sector to be vigilant and follow best practices to protect themselves from these attacks.

This includes verifying the identity of contacts through multiple channels, avoiding executing code or downloading files from unknown sources, using strong passwords and two-factor authentication, keeping software and systems up to date, and reporting any suspicious activity to law enforcement.

The FBI also emphasizes the importance of employee training and awareness programmes to help identify and prevent social engineering attacks.

Featured image credit: Edited from Freepik

North Korean Hackers Use Social Engineering to Target Crypto Employees, FBI Warns

Author

Industry Urges Broader Access After First HKMA Stablecoin Licenses Go to Banks

EX.IO, Payment Asia Partner to Build Stablecoin Infrastructure After Hong Kong Licenses

Hong Kong Stablecoin Licence Awarded to HSBC and StanChart-Led Anchorpoint Financial

Tourists Can Now Pay for Public Transport Using iPhone, Apple Watch in S. Korea

Gobi Partners Invests in Transak to Expand Regulated Digital Asset Payments in Asia

Kaia Sets First-Half 2027 Timeline for Won-Based Stablecoin Launch

Indonesia and South Korea Begin Cross-Border QRIS Payments in Local Currencies

Hong Kong Misses March Deadline for First Stablecoin Licenses, No Issuers Approved

Turn Any iPhone Into a Payment Checkout Device With Adyen

Building Trust in Digital Asset Infrastructure with Hardware Roots of Trust

North Korean Hackers Use Social Engineering to Target Crypto Employees, FBI Warns

Author

Related Posts

Subscribe to Updates