The FBI issued an alert on Tuesday, September 3, regarding the increase in cyberattacks by North Korea targeting users and companies related to the cryptocurrency sector, especially those linked to bitcoin ETFs (BTC) and cryptocurrencies.

According to the Federal Bureau of Investigation (FBI), North Korean hackers are using highly sophisticated social engineering campaigns to infiltrate and steal crypto assets.

In an alert posted on its website today, the federal office said North Korean hackers have stepped up their efforts in social engineering, a technique attackers use to manipulate individuals to gain access to sensitive information.

These campaigns focus on targeting and exploiting cryptocurrency industry employees, using advanced phishing tactics and other forms of digital deception, the FBI says.

The entity highlights the complexity of these systems, which is notable, since it includes methods such as the creation of fake websites, emails that appear legitimate and identity theft on social networks to deceive victims.

Targets identified by North Korean hackers include companies and individuals associated with the cryptocurrency sector, especially those with access to large amounts of crypto assets or related products, such as bitcoin spot price exchange-traded funds (ETFs).

“North Korean malicious cyber actors conducted research on a variety of cryptocurrency ETF-related targets over the past several months. This research included pre-operational preparations suggesting that North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial products .”

Federal Bureau of Investigation.

For companies active in or associated with the cryptocurrency sector, the FBI has highlighted that “North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large amounts of cryptocurrency-related assets or products.”

Indicators of a North Korean hacker attack

The FBI listed several indicators that could signal North Korean social engineering activity, including unexpected requests for sensitive information, emails with suspicious attachments, and any interaction requesting access to cryptocurrency systems or funds.

For affected or at-risk organizations, the FBI recommends security training, identity verification, software updates, and activity monitoring for anomalous behavior that may indicate a compromise.

Social engineering campaigns not only pose a threat to the security of digital assets, but also underscore the importance of education and ongoing verification when handling sensitive information.

The FBI and the United States Department of Justice have for years identified and reported the activity of North Korean hackers, associated with groups such as Lazarus Group and APT38.

These groups have been accused of massive cryptocurrency thefts and cyberattacks targeting a variety of industries, including defense, technology, and the financial sector.

The response of the FBI and other security agencies has been to increase surveillance, cybersecurity training, and international collaboration to mitigate these risks, reflecting a proactive strategy against the North Korean cyber threat.