The threat actors employ social engineering tactics to gain inside access to critical systems, said the federal agency.
The Federal Bureau of Investigation (FBI) issued a hacking alert on Tuesday warning that North Korea was aggressively targeting the cryptocurrency industry, using complex and elaborate schemes that render “well versed” cybersecurity experts vulnerable to attacks.
North Korea is conducting “highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (DeFi), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency,” said the Sept. 3 alert. Over the past months, hackers from the communist nation have carried out research on a variety of targets connected to exchange-traded funds (ETFs), it noted.
“This research included pre-operational preparations suggesting North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial products.”
The FBI outlined multiple social engineering tactics employed by North Korean hackers. The criminals may seek to influence employees at DeFi or cryptocurrency-related businesses to secure unauthorized access to networks.
For this, the threat actors identify prospective victims by reviewing social media activity, specifically employment platforms.
The hackers approach targets with new employment or corporate investment offers. “The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting,” the FBI stated.
“If successful in establishing bidirectional contact, the initial actor, or another member of the actor’s team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust.”
The hackers may impersonate individuals the victim knows directly or indirectly. Such impersonations present themselves as recruiters on professional networking websites or certain prominent people in the tech field.
The FBI stressed that North Korea poses a “persistent threat” to organizations having large quantities of crypto assets.
“Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”
Over the past years, these hackers have been responsible for several high profile attacks against crypto firms. In June 2022, $100 million worth of crypto assets were stolen from U.S. crypto firm Harmony by North Korea-linked hacking group Lazarus.
In July this year, Indian crypto exchange WazirX lost $235 million in crypto assets. According to blockchain analysis firm Elliptic, the theft was carried out by hackers affiliated with Pyongyang.
Crypto Thefts
Hackers linked to North Korea stole at least $600 million in cryptocurrency last year, accounting for almost a third of all funds stolen via crypto hacks in 2023, according to a January report by TRM Labs.
“Hacks perpetrated by the DPRK were on average ten times as damaging as those not linked to North Korea. Nearly USD 3 billion worth of crypto has been lost to Pyongyang-linked threat actors since 2017,” the report stated.
“North Korea conducts nearly all of its attacks by compromising private keys and seed phrases, which are critical security elements of digital wallets. Hackers transfer the victims’ digital assets to wallet addresses controlled by North Korean operatives.”
U.S. firm Chainalysis estimates North Korea-linked hackers stole more than $1 billion worth of cryptocurrencies last year. While this was lower than 2022’s $1.7 billion, the number of hacks last year was 20, “the highest number on record,” it said in a post.
“We estimate that North Korea-linked hackers stole approximately $428.8 million from DeFi platforms in 2023, and also targeted centralized services ($150.0 million stolen), exchanges ($330.9 million), and wallet providers ($127.0 million).”
Last year, the White House called for further legislation on cryptocurrency, pointing to hacking from this specific geographic region. A lack of security protocols allowed Pyongyang to “steal over a billion dollars to fund its aggressive missile program,” it said.
The White House was referring to allegations made by democratic South Korea that its contentious northern neighbor employed hackers to steal $1.2 billion in digital assets.
The United Nations is also reportedly looking into these activities.
A March report from the organization stated that its Panel of Experts was “investigating 58 suspected cyberattacks by the Democratic People’s Republic of Korea on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help to fund the country’s development of weapons of mass destruction.”