U.S. Shell Companies Linked to North Korean Hackers Targeting Cryptocurrency Developers, According to Recent Report
North Korean hackers tied to the infamous Lazarus Group have set up shell companies inside the United States. These front firms serve as conduits for distributing malware aimed at cryptocurrency developers, a direct violation of US sanctions that also exposes significant weaknesses in the business registration system.
Reuters collaborated with Silent Push, a cybersecurity firm, to expose the scheme. According to their report, two companies, Blocknovas LLC in New Mexico and Softglide LLC in New York, were established using fabricated identities, including false names, addresses, and documentation. This deception allowed North Korean actors to pose as legitimate employers recruiting in the crypto industry. A third entity, Angeloper Agency, has also been linked to the campaign, although it has not been officially registered in the U.S.
Fake Job Offers, Vacant Lots, and Malware
Silent Push attributes the operation to a subdivision of the Lazarus Group, the state-backed hacking unit operating under North Korea's Reconnaissance General Bureau. Known for large-scale cyber thefts and espionage, the group has once again used disguised employment opportunities to distribute malware.
In this latest campaign, the hackers created fraudulent professional profiles and job advertisements, particularly on platforms such as LinkedIn. Once they had a victim's interest, they invited the target to a staged interview and urged them to download malware disguised as hiring software or a technical assessment. Blocknovas was the most active of the entities, with numerous confirmed victims. Its claimed physical address in South Carolina turned out to be vacant land, while Softglide was registered through a Buffalo-based tax preparation service, making it harder to trace the people running the operation. The malware used in the attacks included strains previously linked to North Korean cyber units and capable of data theft, remote access, and further network infiltration.
The FBI seized the Blocknovas domain and posted a notice on the website stating that it had been used to defraud job seekers and distribute malware.
North Korean Malware Gambit
The Lazarus Group has repeatedly used fake employment opportunities to spread malware. For instance, it ran a campaign called "ClickFix" that targeted job seekers in the centralized finance (CeFi) crypto sector. A recent exposé by cybersecurity firm Sekoia revealed that the group had impersonated companies such as Coinbase and Tether to lure marketing and business-development applicants into sham interviews.
One of Lazarus's most significant crypto heists occurred in 2021, when a fake job offer led to the $625 million Ronin Bridge hack targeting Axie Infinity.
- The Lazarus Group, a North Korean hacking entity with a long record of cybercrime, has been confirmed to have distributed malware targeting cryptocurrency developers through fabricated firms such as Softglide LLC.
- Silent Push, working with Reuters, has shown that hackers within the Lazarus Group used deceptive job offers on platforms like LinkedIn to distribute malware, with Softglide registered through a tax preparation service in Buffalo for this purpose.
- The malware used by North Korean hackers in this scheme, as in the "ClickFix" campaign and the $625 million Ronin Bridge hack in 2021, is capable of data theft, remote access, and network infiltration.
- The FBI has seized the domain of Blocknovas, the malicious company used in this operation, and its notice warns job seekers about similar scams that use fake hiring processes in the crypto industry to deliver malware.

