North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks

2024-09-03 USFBI

https://www.ic3.gov/Media/Y2024/PSA240903

The FBI warns that DPRK cyber actors are running tailored social engineering campaigns against DeFi, cryptocurrency, ETF-related, and similar financial technology businesses to deploy malware and steal cryptocurrency. The actors conduct pre-operational research on companies and employees, using social media and professional platforms to craft individualized job, investment, or business scenarios that reference a victim's background and interests. The PSA says the operators often maintain extended conversations in fluent or near-fluent English, impersonate recruiters or prominent technology contacts, and use realistic imagery or professional websites to make fake entities credible. Reported indicators include requests to run code, unknown Node.js or PyPI packages, scripts, GitHub repositories, custom conferencing tools, or location-bypass scripts on devices with access to company networks.
