Your friendly neighborhood Kim
The FBI has issued a warning about North Korean hackers preparing to launch attacks aimed at stealing cryptocurrency from organizations that hold large amounts of digital assets. These attacks will rely on advanced social engineering techniques, making them hard to detect because they will appear personalized and legitimate.
DeceptioNK. Wanna work for Pyongyang, or would you rather employ them?
Recently, the FBI noticed that North Korean hackers have been researching companies involved in cryptocurrency exchange-traded funds (ETFs). This early-stage planning suggests that large-scale cyberattacks could happen soon.
What makes these attacks tricky is that the hackers will often start by building trust. They’ll engage in what seem like normal conversations, posing as business contacts or recruiters offering job opportunities. They might take their time to form relationships before they attempt anything harmful.
Lazarus and Kimsuky: The usual suspects
Two groups, Lazarus and Kimsuky, are particularly good at using social engineering to steal cryptocurrency. These attacks are meant to fund North Korea’s nuclear program, and the United Nations estimates they’ve stolen up to $3 billion in crypto so far.
The hackers don’t just steal crypto—they sometimes apply for real jobs at U.S. firms to carry out malicious activities from the inside. As these hackers get better at blending in, companies must be even more alert to spot suspicious activity.
The structure of the social engineering scheme
The FBI has outlined several tricks that North Korean hackers use to gain employees' trust and access company systems:
Research on Targets. Hackers do their homework by studying employees on social media and professional platforms like LinkedIn. This helps them learn about the target’s work and interests.
Fake Opportunities. Once they know enough, hackers create personalized fake offers, like job opportunities or investment deals, that seem too good to pass up. These scenarios are crafted to appeal to the victim’s background and emotions, making it easier to build trust.
Impersonating Known Contacts. Hackers often pretend to be someone the victim knows, like a recruiter or a prominent person in the industry. They may use stolen photos to make their profiles seem real.
Final Attack: Deploying Malware
Once the hacker has earned the victim’s trust, they make requests that lead to the actual attack. These can include asking the target to execute code or install unfamiliar software, either of which ends up downloading malware. Hackers may also suggest moving conversations to different messaging platforms, or send links and attachments that contain hidden malware.
How to give Kim the elbow
Even though these attacks are sophisticated, there are ways companies can protect themselves:
Verify Contacts’ Identities: Always double-check who you’re talking to by using a different method of communication, like a video call on another platform.
Keep Sensitive Info Offline: Don’t store important cryptocurrency information like passwords or private keys on internet-connected devices.
Be Cautious with Job Offers: Avoid running code or taking pre-employment tests on company devices during the recruitment process.
Use Multi-Factor Authentication (MFA): Require multiple forms of authentication, especially when handling financial transactions, to make it harder for hackers to gain access.