
FBI says North Korean Hackers are aggressively targeting Web3 Employees to steal Company Cryptocurrency

2024-09-04 by Ndaman Olayinka 5 minutes read
The U.S. government said it believes North Korean cybercriminals are planning difficult-to-detect social engineering campaigns against employees of cryptocurrency companies in order to steal company cryptocurrency.

On Tuesday, the United States Federal Bureau of Investigation (FBI) warned cryptocurrency companies in an announcement that hackers from the Democratic People's Republic of Korea are set to target employees of cryptocurrency, decentralized finance ("DeFi"), and similar companies with malware and steal their cryptocurrency through highly tailored, hard-to-detect social engineering campaigns.

The FBI said that North Korean social engineering tactics are complex and multifaceted, frequently involving victims who possess advanced technical skills. Even individuals who are well-versed in cybersecurity practices may be susceptible to North Korea's determined efforts to breach networks connected to cryptocurrency assets, given the scale and persistence of this malicious activity.

In recent months, North Korean malicious cyber actors have been researching a range of targets connected to cryptocurrency exchange-traded funds (ETFs). Pre-operational planning revealed by this research indicates that North Korean actors might try to engage in hostile cyberattacks against companies connected to ETFs or other crypto-related investment products, the post said.

The FBI highlights that North Korea is a persistent threat to organizations that have access to large quantities of cryptocurrency-related assets or products and that the country uses sophisticated tactics to steal cryptocurrency funds.

This information is relevant for companies operating in or associated with the cryptocurrency sector. According to a statement from the FBI, the announcement outlines the social engineering strategies used by North Korean state-sponsored actors against victims in the DeFi, cryptocurrency, and related industries. It also covers potential red flags of North Korean social engineering activity, steps to take to protect those most vulnerable, and what to do if you believe your company or yourself has been victimized.

To make fictitious entities seem real, the actors may also pose as technology companies or recruiting agencies and support them with official-looking websites. Examples of fake North Korean websites can be found in the affidavits to seize 17 North Korean domains, which the Department of Justice announced in October 2023.

Cryptocurrency companies are advised not to run code on company-owned devices or administer pre-employment tests, especially if such requests come from unidentified contacts. The announcement contains suggestions from the FBI for preventing such threats.

Recently, hackers with ties to North Korea's government used a zero-day vulnerability in the Chromium browser to target the cryptocurrency market. In a blog post, Microsoft disclosed the campaign and blamed a threat actor it refers to as "Citrine Sleet." The group was previously linked to the Reconnaissance General Bureau of North Korea. The tech giant revealed that other North Korean groups, such as one it refers to as Diamond Sleet, were using some of the campaign's tools.

According to a July report by blockchain investigator ZachXBT, hackers allegedly involved in the $308 million theft from the cryptocurrency exchange DMM Bitcoin in May used an online marketplace in Cambodia to launder over $35 million. Based on "off-chain indicators" and "similarities in laundering techniques," ZachXBT claims that the Lazarus Group may have been responsible for the hack.

The Lazarus Group has previously been linked to significant cryptocurrency theft. According to a report, the group stole over $1 billion in cryptocurrency assets in 2023 by targeting a record 20 platforms. The group, which is purportedly under the control of the North Korean government, used Tornado Cash, a cryptocurrency mixer, to launder $13 million worth of Ethereum earlier in March in spite of US sanctions.

Disclaimer: This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.