The FBI has issued a warning about an increase in sophisticated social engineering attacks by North Korean cyber actors targeting employees in decentralized finance (DeFi), cryptocurrency, and related industries on September 3,2024. These campaigns aim to deploy malware and steal cryptocurrency assets like Bitcoin, posing a significant threat to organizations worldwide.
What is Social Engineering?
Social engineering is a deceptive technique used by cybercriminals to manipulate individuals into sharing confidential information or performing actions that compromise security. Rather than relying on technical hacking methods, social engineering exploits human psychology, often through phishing emails, fake online profiles, or fraudulent phone calls. This tactic is increasingly used in cyberattacks targeting sensitive data and financial assets, making it a critical area of concern for businesses and individuals alike
The Growing Threat: North Korea’s Complex Social Engineering Schemes
North Korean cyber actors are known for their elaborate and difficult-to-detect social engineering tactics. Even employees with strong technical expertise can fall victim to these schemes due to the scale and persistence of the attacks. In recent months, North Korean hackers have conducted extensive research on targets connected to cryptocurrency exchange-traded funds (ETFs), suggesting that these actors may soon target companies involved in cryptocurrency ETFs or other financial products.
Key Indicators of North Korean Social Engineering Attacks
For organizations involved in the cryptocurrency sector, the FBI has highlighted the sophisticated tactics employed by North Korean cybercriminals. These include:
Extensive Pre-Operational Research: North Korean hackers thoroughly scout prospective victims, often through social media platforms, to tailor their approach.
Individualized Fake Scenarios: Customized fake scenarios, such as job offers or investment opportunities, are crafted to appeal specifically to the targeted individual, often referencing personal details to increase credibility.
Impersonations: The actors frequently impersonate known contacts, recruiters, or prominent industry figures, using stolen imagery and fake websites to enhance their legitimacy.
Mitigation Strategies to Protect Your Organization
To protect your organization from these advanced social engineering attacks, the FBI recommends implementing the following best practices:
Verify Contact Identity: Use separate, unconnected communication platforms to confirm the identity of contacts, especially when approached via professional networking sites.
Secure Cryptocurrency Information: Avoid storing sensitive cryptocurrency wallet information on internet-connected devices.
Exercise Caution with Pre-Employment Tests: Insist on using virtual machines or non-company devices for any code execution required during pre-employment tests.
Enhance Authentication: Implement multi-factor authentication and require approvals from multiple, unconnected networks before moving any financial assets.
Restrict Network Access: Limit access to sensitive company documentation and use closed communication platforms with strict authentication protocols.
Responding to a Suspected Social Engineering Attack
If you suspect that your organization has been targeted or compromised by a North Korean social engineering campaign, take the following steps immediately:
Disconnect Affected Devices: Remove impacted devices from the internet but keep them powered on to preserve malware artifacts.
Report the Incident: File a detailed report with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
Gather Evidence: Collect and provide as much information as possible to law enforcement, including screenshots and details about the cyber actors involved.
Consider Incident Response Services: Discuss options with law enforcement and, if necessary, consult private incident response companies for a forensic examination of affected devices.
Raise Awareness: Share your experience with colleagues to help increase awareness and prevent future incidents.
We Can Help
The ongoing threat from North Korean cyber actors is a reminder of the importance of robust cybersecurity measures, especially in the DeFi and cryptocurrency sectors.
Skysnag simplifies and automates email authentication processes, including DMARC, SPF, and DKIM, eliminating the need for manual configuration and reducing the risk of errors. By connecting to Skysnag, you can protect your domain’s reputation and avoid risks such as compromised business emails, password theft, and potentially significant financial losses. Start monitoring your domain to safeguard your business against social engineering attacks and strengthen your overall security posture.
Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.
