
North Korean Cyber Unit Targets Crypto Developers Using U.S. Front Companies
Recent reports reveal sophisticated hacking strategies by North Korean hackers targeting crypto developers through deceitful U.S. shell companies.
Key Insights
- North Korean hackers formed fake companies in the U.S. to exploit crypto developers, as reported by security firm Silent Push.
- The operation involved fictitious firms, Blocknovas and Softglide, associated with the Lazarus Group.
- The FBI took down the Blocknovas domain for its role in disseminating malware through fraudulent job postings.
Main Article
North Korean hackers posing as U.S. technology entrepreneurs have quietly set up companies in New York and New Mexico to infiltrate the cryptocurrency sector, according to security firm Silent Push.
Two fictitious businesses named Blocknovas and Softglide were registered using false identities and addresses, linked to a subgroup within the Lazarus Group.
The North Korea-backed hacking unit has previously stolen billions of dollars in cryptocurrency through elaborate schemes that deceive unsuspecting individuals and companies.
“This operation exemplifies a rare instance where North Korean hackers have established legitimate corporate entities in the U.S. as fronts to deceive unwary job seekers,” stated Kasey Best, Director of Threat Intelligence at Silent Push.
The hackers use social-engineering tactics, such as fake LinkedIn profiles and fraudulent job advertisements, to lure crypto developers into downloading malware disguised as job-application tools.
Silent Push has identified multiple victims, particularly among those who interacted with Blocknovas, which it regards as the most active of the three deceptive companies. Notably, the firm’s registered South Carolina address appears to be an empty lot, while Softglide’s was registered through a tax office in Buffalo, New York.
The malware involved includes at least three strains linked to North Korean cyber units, capable of stealing data, giving the attackers remote access to infected systems, and serving as a foothold for delivering additional malware or ransomware.
The FBI’s seizure of the Blocknovas domain aligns with efforts against North Korean cyber actors who utilized this domain to mislead individuals into downloading malicious software through fraudulent job postings.