What is Social Engineering Attack that North Koreans Hackers Deploy

As the cryptocurrency, NFT, and Web3 industries continue to expand, they have become primary targets for hacks led by “social engineering”, particularly from North Korea. As reported earlier by The Crypto Times, a group of North Korean hackers going by the name, “Lazarus Group” was allegedly behind the Rs 2000 crore WazirX hack.

These social engineering attacks are highly planned and difficult to detect, aimed to invade companies and steal valuable cryptocurrencies. Unlike traditional hacking methods, these techniques are highly advanced, able to manipulate human behavior, trust, and emotions.

In this article, we will discuss the various modus operandi used by hackers for social engineering attacks.

Recent instances of Social Engineering Attacks

Cybercriminals are increasingly targeting centralized exchanges because they hold large amounts of assets. Even though the improvements are secured, these exchanges are still attractive to hackers due to their big reserves. For example, in May 2024, a Japanese exchange called DMM was hacked, and $305 million in Bitcoin was stolen. In July 2024 an Indian exchange WazirX was hacked and stolen with $230 million in assets. This shows that even with better defence mechanisms, the exchanges failed in front of well-organised groups like North Korea’s Lazarus.

Cryptoware attacks have jumped in 2024. This year, the largest ransom paid was $75 million, meaning hackers are now targeting big companies. The average ransom has risen from an average $200,000 last year to over $1.5 million.

What is Social Engineering Attack?

Social engineering in the crypto space involves tricking individuals into revealing confidential information or making them involved in such activities that are a big threat for their security. 

Attackers rely on psychological manipulation to create a sense of urgency, fear, or curiosity. For example, a scammer might send a phishing email that appears to come from a trusted source, asking the user to click an inappropriate link that leads to sharing the important information such as passwords or private keys of users. And they can access wallets, transfer funds, or take control of accounts.

How Different are North Korean Social Engineering Attacks?

North Korean social engineering campaigns are more advanced. They conduct extensive pre-operational research, gathering detailed information about specific DeFi or cryptocurrency-related issues through social media and official networks. They create that believing factor by listing fake job offers or investment deals. User should be conscious of pre-employment tests or debugging tasks involving unfamiliar Node.js packages, PyPI packages, or scripts

One common method used by North Korean cyber hackers is impersonation.They are likely to be trusted figures or organisations, such as recruiters or technology experts, using a real image of their own and creating fake websites to enhance their own credibility. This to make their approach seem authentic and trustworthy.

How to protect yourself from Social Engineering Attacks?

To protect against these social engineering attacks, the FBI advises implementing several key practices. Initially verify the identity of individuals by using separate, unconnected communication channels. For example, if initial contact is made through a professional networking site, confirm their request through a live video call on a different platform. And avoid storing important information like cryptocurrency wallet credentials on Internet-connected devices and start using multi-factor authentication (MFA) and strong, unique passwords to secure accounts.For large cryptocurrency holdings, block unauthorized file downloads and disable email attachments by default.

Regularly update software and security checks on devices and networks. Limit the access to sensitive information and ensure that business communications are conducted through authenticated platforms. This will avoid non-standard or custom software for simple tasks and be aware of unwanted communications having links or attachments.

If there is a suspicion that the company may have been targeted by North Korean social engineering or other inaproproate activities, take immediate action. Disconnect affected devices from the Internet but keep them powered on to preserve potential evidence. Report the incident to the FBI Internet Crime Complaint Center (IC3) and provide detailed information about thee awareness and prevent similar attacks.

Conclusion

In conclusion, social engineering attacks, especially by North Korea, represent a significant threat to the cryptocurrency and DeFi sectors. These attacks exploit human psychology rather than technical weaknesses, making them challenging to detect and prevent. Users must stay informed, implement strong security measures, and educate employees, both individuals and companies can better defend against these persistent and evolving threats. As the crypto world expands, it’s important to stay ahead of these threats to keep users safe and maintain trust.

Also Read: Exclusive: Are these North Korean Hackers behind WazirX Hack?