The decentralized finance (DeFi) and
cryptocurrency industries are being targeted by North Korean social engineering
schemes in highly personalized and convincing ways.
Here is an example that the FBI is showcasing:
1. A person from your dream company, using the name of an old colleague,
   contacts you on social media, mentioning a conference you both recently
   attended and discussing shared interests.
2. He asks if you’re job hunting and reveals his company needs your skills,
   offering a significant pay raise. He arranges an interview with his CTO and
   during the interview, the CTO gives you a “pre-employment” test that
   involves troubleshooting code from some GitHub repositories you do not
   recognize.
3. You clone the repositories, execute the code, find the bugs, and pass the
   test with flying colors.
Congrats – you have fallen for a well-disguised
social engineering scheme conducted by North Korean cyber actors. One of those
GitHub repositories was malicious and landed a malware dropper on your machine
which installed a key logger and acquired your credentials to access your
company’s network.
The North Korean attackers gain access and move
laterally, eventually getting access to the seed phrases and security
signatures for your company’s cryptocurrency assets. Shortly thereafter all the company’s crypto
assets disappear and everything you and your colleagues worked for is gone.
The threat is real.
Check out the full FBI public warning here: https://www.ic3.gov/Media/Y2024/PSA240903
*** This is a Security Bloggers Network syndicated blog from Information Security Strategy authored by Matthew Rosenquist. Read the original post at: https://infosecstrategy.blogspot.com/2024/09/fbi-warns-of-north-korea-attacks.html