North Korean Hackers Create Fake US Firms to Target Crypto Developers
- North Korean hackers created two US-registered companies (Blocknovas LLC and Softglide LLC) to target cryptocurrency developers with malware through fake job opportunities.
- The operation has been linked to the Lazarus Group, an elite North Korean hacking team operated by the country’s main foreign intelligence agency.
U.S. cybersecurity firm Silent Push reported that North Korean hackers used legitimate US business entities to deploy malware against cryptocurrency developers. The hackers developed an advanced scheme that used false job advertisements to trick developers into falling victim to their cyber attacks.
Three front organizations participated in the operation: Blocknovas LLC, registered in New Mexico; Softglide LLC, based in New York; and Angeloper Agency, which lacks US registration. The entities used fake personas and addresses to create their presence while evading international sanctions.
“This represents a rare case where North Korean operatives successfully established legal corporate entities on US soil to create convincing fronts for targeting job applicants,” explained Kasey Best, director of threat intelligence at Silent Push.
The FBI has since taken action, seizing at least one domain associated with Blocknovas as part of enforcement measures against North Korean cyber actors.
Links to Lazarus Group
Lazarus Group, a North Korean hacking team that operates under the Reconnaissance General Bureau, handles these types of scams. This operation, however, was carried out by a specific subgroup within this elite hacking team. The group’s evolution represents an expansion of its operational methods, since it traditionally conducted direct network intrusions.
The hackers used at least three known malware strains in their campaign against crypto specialists, which relied on fake job interviews. Victims’ digital wallet access was compromised, which enabled the hackers to steal wallet credentials for additional attacks on businesses.
Sanctions Violations
The establishment of North Korean-controlled companies in the United States constitutes a violation of both Treasury Department sanctions and United Nations restrictions on North Korean commercial activities.
State officials in New Mexico noted that the company registration complied with state statutes, using a registered agent with no apparent connection to North Korea. Similarly, New York authorities have not commented specifically on Softglide’s registration.
Financing Nuclear Ambitions
North Korea conducts this operation as part of its wider scheme to obtain foreign currency through illegal operations against financial institutions and cryptocurrency platforms. According to assessments from US, South Korean, and UN authorities, these operations fund North Korea’s nuclear missile program.
The FBI ranks North Korean cyber attacks among the most advanced persistent threats that confront the United States due to their increasing digital sophistication.