FBI: North Korean Actors Readying Aggressive Cyberattack Wave

Published: 23/11/2024   Category: security




Sophisticated social engineering is expected to accompany threat campaigns that are highly targeted and aimed at stealing crypto and deploying malware.



North Korean threat actors are expected to launch imminent attacks aimed at stealing funds from organizations with access to large quantities of cryptocurrency-related assets or products, the FBI is warning, adding that the attacks will use particularly deceptive social engineering tactics, including highly personalized targeting that will appear extremely convincing.
In the last several months, federal officials have observed various state-sponsored actors from the DPRK conducting research on targets connected to cryptocurrency exchange-traded funds (ETFs). The reconnaissance appears to be pre-operational in nature, the agency said in a public service announcement published yesterday.
Impending attacks, which may include both crypto theft and the deployment of malware, will likely be stealthy: they may begin as innocuous conversations with people who speak English fluently and appear to have an authentic business reason for contact, or as job offers to employees. Attackers are also likely to play the long game, taking time to cultivate a personal relationship before doing anything malicious, the agency said.
Indeed, North Korean advanced persistent threats (APTs) such as Lazarus and Kimsuky are particularly adept at using social engineering to steal crypto in campaigns that raise funds for the country's nuclear program and for other priorities of North Korea's Supreme Leader Kim Jong Un. The United Nations estimates that North Korean attackers have stolen up to $3 billion in crypto so far in such targeted attacks.
In these campaigns, state-sponsored actors convincingly impersonate recruiters and headhunters to target employees across sectors, and even apply for, and sometimes get hired for, jobs at US firms in order to engage in malicious activity.
This fresh wave of attacks may be even harder to detect than previous ones, requiring employees of crypto firms to stay alert for even remotely suspicious activity, the FBI said. Given the scale and persistence of this malicious activity, even those well-versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets, according to the warning.
According to the FBI, attackers are likely to use variations on three key social engineering tactics before they attempt anything technically malicious. The idea is to win the trust of employees of crypto firms so that the attackers can gain access to accounts, systems, or other company assets without raising suspicion.
First, they may conduct extensive research to identify specific DeFi or cryptocurrency-related businesses to target, and do their homework on employees by reviewing their social media activity, particularly on professional networking or employment-related sites, the agency said.
Armed with this information, attackers move to the next phase of the ruse: individualized fake scenarios that draw on personal details about an intended victim's background, skills, employment, or business interests, crafted to be uniquely appealing to the targeted person, according to the warning.
These can include offers of new employment or corporate investment that draw on employees' personal details and so appeal to their interests or emotions, establishing a trust relationship that is furthered by prolonged conversations aimed at building a friendly rapport.
A third tactic is to impersonate people the victim may know personally or indirectly, such as a recruiter on a professional networking website or a prominent person in a related technology field. These impersonations may be accompanied by photos stolen from social media profiles or professional websites.
Once the social relationship between the North Korean attacker and victim is solidified, threat actors will then proceed to make requests or offers that eventually lead to the deployment of malware or the theft of cryptocurrency.
These include requests to execute code or download applications on devices with access to a company's internal network, or to complete a pre-employment test or debugging exercise that involves executing non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories.
Attackers also may insist on using non-standard or custom software to complete simple tasks easily achievable with common applications, such as video conferencing, as a way to smuggle malware onto an organization's network. They may also ask to move professional conversations to other messaging platforms or applications for the same purpose, or send targeted employees links or attachments that conceal malware, tied to the previously established conversation.
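Because the lure in the recruitment-test scenario is a repository or package the target is asked to install and run, a practical control is to audit the checkout on a disposable machine before executing anything in it. The script below is an added example written for this page (the editor's, not code from the FBI announcement or from any threat actor). It walks a constructed sample repository and flags the things that run code as a side effect of `npm install` or `pip install` (npm lifecycle hooks, a setuptools `cmdclass`), files tucked into dot-directories, and content that looks like a packed or downloader payload. The sample file layout, the pattern list and the 120-character base64 threshold are illustrative assumptions.

```python
"""Offline audit of a 'take-home coding test' checkout, run BEFORE anything in
it is installed or executed. Flags package-manager hooks that run code as a
side effect of `npm install` / `pip install`, files hidden in dot-directories,
and content that looks like an obfuscated or downloader payload.
Added example: the heuristics and the sample repository are the editor's
constructions, not material from the FBI announcement."""
import json
import re
import tempfile
from pathlib import Path

# npm lifecycle scripts that npm runs automatically during `npm install`.
NPM_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Content heuristics applied to source-like files; each hit is one finding.
SUSPECT = {
    "dynamic-eval": re.compile(r"\b(eval|exec|Function)\s*\("),
    "spawns-process": re.compile(r"\b(child_process|subprocess|os\.system|os\.popen)\b"),
    "remote-fetch": re.compile(r"https?://|\b(fetch|urlopen|requests\.get)\s*\("),
    "base64-blob": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),  # assumed threshold
}
SCAN_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".py", ".sh", ".json"}
# Dot-directories a legitimate repo commonly has; any other hidden path is notable.
BENIGN_HIDDEN = {".git", ".github"}


def finding(path: Path, root: Path, kind: str, detail: str) -> dict:
    return {"file": path.relative_to(root).as_posix(), "kind": kind, "detail": detail}


def audit_package_json(path: Path, root: Path) -> list[dict]:
    """Report any npm lifecycle hook: it runs without the developer asking."""
    try:
        scripts = json.loads(path.read_text()).get("scripts", {})
    except (json.JSONDecodeError, AttributeError):
        return [finding(path, root, "unparseable", "package.json is not valid JSON")]
    return [finding(path, root, "npm-install-hook", f"{hook}: {scripts[hook]}")
            for hook in NPM_HOOKS if hook in scripts]


def audit_text(path: Path, root: Path) -> list[dict]:
    """Run the content heuristics; setup.py gets an extra check because pip
    executes it (and whatever it imports) at install time."""
    text = path.read_text(errors="replace")
    out = []
    if path.name == "setup.py" and re.search(r"\bcmdclass\b", text):
        out.append(finding(path, root, "setup.py-hook",
                           "custom cmdclass runs code during pip install"))
    for kind, pattern in SUSPECT.items():
        m = pattern.search(text)
        if m:
            out.append(finding(path, root, kind, m.group(0)[:40]))
    return out


def audit_repo(root: Path) -> list[dict]:
    """Walk the checkout and collect every finding; nothing is executed."""
    root = root.resolve()
    out = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or ".git" in path.relative_to(root).parts:
            continue
        parent_parts = path.relative_to(root).parts[:-1]
        if any(p.startswith(".") and p not in BENIGN_HIDDEN for p in parent_parts):
            out.append(finding(path, root, "hidden-path", "file lives in a dot-directory"))
        if path.name == "package.json":
            out.extend(audit_package_json(path, root))
        if path.suffix in SCAN_SUFFIXES:
            out.extend(audit_text(path, root))
    return out


def build_sample_repo(base: Path) -> Path:
    """Constructed sample: a plausible test task with a poisoned postinstall."""
    (base / "src").mkdir()
    (base / ".setup").mkdir()
    (base / "package.json").write_text(json.dumps({
        "name": "take-home-task",
        "scripts": {"test": "node src/index.js",
                    "postinstall": "node .setup/telemetry.js"},
    }))
    (base / "src" / "index.js").write_text('console.log("solve the task here");\n')
    (base / ".setup" / "telemetry.js").write_text(
        'const cp = require("child_process");\n'
        'const blob = "' + "A" * 160 + '";\n'  # stand-in for an encoded second stage
        'eval(Buffer.from(blob, "base64").toString());\n')
    (base / "setup.py").write_text(
        "from setuptools import setup\n"
        "setup(name='helper', cmdclass={'install': Installer})\n")
    return base


def run_demo() -> list[dict]:
    """Build the sample in a scratch directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_repo(build_sample_repo(Path(tmp)))


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['kind']:17} {f['file']}: {f['detail']}")
```

Point `audit_repo` at the unpacked test instead of the sample to use it for real. Findings are review prompts, not a verdict: a clean report does not make the test safe to run outside a throwaway VM, and `npm install --ignore-scripts` is still the right default for anything received this way.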
Despite the sophistication of these tactics, firms likely to be targeted can take various steps to mitigate their risk, the FBI said. These include developing in-house methods to verify a contact's identity over a separate, unconnected communication channel (such as a live video call on a different messaging app than the one the potential attacker is using).
Organizations also should avoid storing information about cryptocurrency wallets, such as logins, passwords, wallet IDs, seed phrases, and private keys, on Internet-connected devices, where it is exposed. And employees should not take pre-employment tests or execute code during any recruitment process on company-owned laptops or devices.
Requiring multiple factors of authentication, and approvals from several different unconnected networks, before moving any financial assets is another best practice that can help an organization avoid being defrauded by savvy state-sponsored actors, according to the FBI.
