According to the US Federal Bureau of Investigation (FBI), North Korea is running highly sophisticated social engineering programs designed to crack the security measures of crypto and decentralized finance (DeFi) companies.
A new announcement from the FBI indicates that North Korean cybercriminals are targeting specific employees of companies connected to crypto exchange-traded funds (ETFs).
“Before making contact, actors scout potential victims by assessing activity on social media, especially on professional networks or on employment-related platforms.
North Korean malicious cyber actors use personal information about a targeted victim’s background, skills, employment, or business interests to create customized fictional scenarios designed to uniquely appeal to the targeted individual.”
The FBI says the fake scenarios often include new job opportunities or promises of business investment. North Korean cybercriminals can speak fluent English, demonstrate technical prowess in crypto, and often reference obscure, highly targeted personal information to appear legitimate, the law enforcement agency said.
“The actors usually try to initiate lengthy conversations with potential victims to build rapport and deliver malware in situations that seem natural and non-alarming.”
The FBI says red flags include:
- “Requests to run code or download applications on company-owned devices or other devices with access to a company’s internal network.
- Requests to perform a ‘pre-employment test’ or debugging exercise that involves running non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories.
- Offers of work from leading cryptocurrency or technology companies that are unexpected or involve unrealistically high compensation without negotiation.
- Investment offers from leading companies or individuals that are unsolicited or have not previously been presented or discussed.
- Insisting on the use of non-standard or custom software to perform simple tasks that can be easily accomplished through the use of common applications (such as videoconferencing or connecting to a server).
- Requests to run a script to enable calling or video teleconferencing features that are supposedly blocked due to the victim’s location.
- Requests to move professional conversations to other messaging platforms or applications.
- Unsolicited contacts that contain unexpected links or attachments.”
The FBI recommends that crypto firm employees verify the identities of their contacts through other communications platforms and avoid taking pre-employment tests for potential new jobs on existing work laptops.
The agency also suggests that companies keep information about crypto wallets offline; require multiple authentication factors to move corporate financial assets; restrict access to sensitive network documentation; direct business communications to closed platforms that require personal authentication; and disable email attachments by default on corporate devices.