FBI Warns of North Korea Attacks Against the Crypto Industry

The decentralized finance (DeFi) and cryptocurrency industries are being targeted by North Korean social engineering schemes in highly personalized and convincing ways.

Here is an example that the FBI is showcasing:

1. A person from your dream company, using the name of an old colleague, contacts you on social media, mentioning a conference you both recently attended and discussing shared interests.

2. He asks if you’re job hunting and reveals his company needs your skills, offering a significant pay raise. He arranges an interview with his CTO and during the interview, the CTO gives you a “pre-employment” test that involves troubleshooting code from some GitHub repositories you do not recognize.

3. You clone the repositories, execute the code, find the bugs, and pass the test with flying colors.

Congrats — you have fallen for a well-disguised social engineering scheme conducted by North Korean cyber actors. One of those GitHub repositories was malicious and landed a malware dropper on your machine which installed a key logger and acquired your credentials to access your company’s network.

The North Korean attackers gain access and moving laterally, eventually getting access to the seed phrases and security signatures for your company’s cryptocurrency assets. Shortly thereafter all the company’s crypto assets disappear and everything you and your colleagues worked for is gone.

The threat is real.

Check out the full FBI public warning here: https://www.ic3.gov/Media/Y2024/PSA240903

E-mail me when people leave their comments –

CISO and Cybersecurity Strategist

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

Best of the World Talks on The CISO's Journey: From Expert to Leader

  • Description:

    We are hosting an exclusive "Best of the World" Talks session on "The CISO’s Journey: From Expert to Leader" featuring David B. Cross (SVP & CISO at Oracle), Bikash Barai (Co-founder of CISO Platform & FireCompass) & David Randleman (Field CISO at FireCompass).

    The journey from cybersecurity expert to strategic leader is a transformative one for CISOs. This session delves into the stages of a CISO’s evolution, the balance…

  • Created by: Biswajit Banerjee
  • Tags: ciso