North Korean Hackers are using complex and destructive impersonation methods to steal victims’ financial assets, the FBI has warned.
Imitating professional contacts, concocting tailored messages and even making fake offers of lucrative employment, the Bureau warned that these “highly tailored, difficult-to-detect social engineering campaigns” can be extremely convincing to those unaware of the scam, and could cause significant damage to businesses in the decentralized finance and cryptocurrency sectors. The tactics are unique, the attacks themselves are only the latest method by Pyongyang-linked actors to exact financial damage on the West.
“North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen,” the Bureau said in a public service announcement on Tuesday.
“Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”
FBI Director Christopher Wray; CIA Director Gina Haspel; and Director of National Intelligence Dan Coats testify at a Senate Intelligence Committee hearing on “Worldwide Threats” January 29, 2019 in Washington, DC. On Tuesday, The FBI warned that Pyongyang’s latest hacking campaign used personalized scenarios, and even fake offers of employment, to lure victims into giving hackers access to their companies’ networks.
Win McNamee/Getty Images
The attacks, which the FBI said had been ongoing for the past several months, began with “extensive pre-operational research” by the North Korean cyber actors.
This involved scouting social media activity, as well as the professional networking and employment -related platforms, to gain an understanding of the victims and to mimic familiarity.
Using this information, the hackers then concocted “individualized fake scenarios” to hook the targeted person, based on their backgrounds, skills and business interests.
These scenarios, the FBI warned, often include offers of employment, with the actors mimicking recruiting firms or technology companies which to the target appear legitimate.
Once a rapport has been developed, the hackers will then send the victim malware – disguised as pre-employment tests, employment offers, or video conference invitation, among others – which, if downloaded, allow them to gain a foothold in their companies’ networks, before stealing cryptocurrency exchange traded funds and other cryptocurrency-related financial products from the firms.
Korean leader Kim Jong Un speaks at the Supreme People’s Assembly in Pyongyang, North Korea Monday, Jan. 15, 2024. North Korean Supreme Leader Kim Jong Un during a press conference, June 19, 2024, in Pyongyang, North Korea. The country has been engaged in an extensive array of cyberattacks aimed at companies and state-linked agencies of the U.S. and its allies.
Korean Central News Agency/Korea News Service via AP
The FBI did not quantify how much had been stolen using these “Social Engineering Attacks.”
In March, however, United Nations sanctions monitors revealed that Pyongyang-linked cyberattacks had caused around $3.6 billion in damage to cryptocurrency companies between 2017 and 2024.
The FBI highlighted that North Korean cyber actors pose a “persistent threat” to organizations handling significant amounts of cryptocurrency and, given the potentially serious consequences, provided a list of warning signals for those who fall prey to the attacks.
These include suspicious requests to download applications on company-owned devices, unsolicited offers of employment which include “unrealistically high compensation,” or requests to move professional conversations to other platforms.
These methods are the latest chapter in a long-running saga of cyber-espionage by the isolated nation, which has employed numerous methods both profit from Western companies and to wreak damage on the state apparatuses of its enemies.
A June report revealed that Pyongyang-backed hackers had used a fake google translation program to infiltrate and steal personal data from numerous individuals in South Korea, including a South Korean academic specializing in geopolitical issues on the Korean peninsula.
A month prior, South Korea’s Defense Ministry confirmed that North Korean hackers had breached the personal emails of high-ranking members of the country’s military.
Do you have a story we should be covering? Do you have any questions about this article? Contact LiveNews@newsweek.com.
