The FBI has warned about North Korean hackers targeting employees of cryptocurrency and decentralized finance (DeFi) companies. In a public service announcement (PSA) released on Tuesday, the FBI detailed how these state-sponsored attackers use advanced social engineering tactics to infiltrate organizations and steal cryptocurrency.
Recognizing this danger is crucial, as the FBI stated that North Korean actors use a variety of social engineering techniques against specific DeFi and cryptocurrency organizations to penetrate their networks. These attackers gather a lot of information about their targets and craft very credible impersonations, which are sometimes designed to deceive employees into granting access to important and secure systems.
In its latest PSA, the FBI underlines the tenacity and sophistication of the attackers and states that they use specific details found on social media and employment websites to impersonate contacts or industry peers. This makes such attacks especially challenging, since the attackers are not only proficient in English but also understand cryptocurrencies.
For instance, since 2017, the Lazarus Group of hackers from North Korea has allegedly stolen around $3 billion in cryptocurrency through such scams. The FBI also advises that even organizations with perfect cybersecurity can be compromised by such clever attacks.
Cryptocurrency Companies Urged to Strengthen Security
The FBI urges cryptocurrency organizations to be cautious. Social engineering attacks are characterized by false offers of employment or invitations to invest, threats to delay downloading applications on work-issued devices, or moving the conversation to other communication or social media platforms.
To secure sensitive data, companies should refrain from storing their cryptocurrency wallet information on internet-connected devices, limit access to the main corporate networks, and employ multi-factor authentication.
The PSA also stresses the need to promote awareness of these threats among the public. The FBI has previously cautioned about other crypto-based scams, including fraudsters who pretend to be affiliated with a law firm.