The Federal Bureau of Investigation (FBI) in a recent announcement warned that the Democratic People’s Republic of Korea (DPRK) is conducting cyber operations targeting one of the fastest growing industry sectors this year: the cryptocurrency exchange-traded funds (ETF) market.
Cyber Threats Against Crypto ETFs
FBI report details that North Korean cybercriminals have been conducting extensive research on crypto-ETF-related targets over the past few months, indicating an increased likelihood of malicious cyber activity directed at companies associated with the ETF sector and other financial products related to this market.
According to the FBI, the North Korean regime has demonstrated a persistent threat to organizations with significant amounts of cryptocurrency assets. The report states:
North Korea’s social engineering schemes are sophisticated and elaborate, often compromising victims with sophisticated technical knowledge. Given the scale and persistence of this malicious activity, even those well-versed in cybersecurity practices may be susceptible to North Korea’s determination to compromise networks connected to cryptocurrency assets.
North Korea’s Social Engineering Tactics
The announcement also outlines various “social engineering tactics” used by North Korean state-sponsored actors. It claims that these cybercriminals meticulously identify specific companies in the decentralized finance (DeFi) and cryptocurrency space, then attempt to contact employees through fraud.
In a sweep of social media, especially professional social media sites, the FBI found that they collect personal information about potential victims. They operate that information to create convincing scenarios that seem tailored and appealing.
Among the various recommendations in the report, the FBI included a warning that included potential signs of North Korean social engineering and suggestions for countermeasures for organizations at risk.
Firms, including successful ETF players, should implement stalwart cybersecurity protocols, including training their employees to recognize phishing attempts and suspicious messages.
Featured image from DALL-E, chart from TradingView.com