North Korean cyber operatives set up front companies inside the US corporate registration system to run a malware campaign against cryptocurrency developers, Reuters reported. The operatives used two fake companies, Blocknovas LLC and Softglide LLC, registered under fabricated names and addresses in New Mexico and New York. A third entity, Angeloper Agency, was also linked to the operation but had never been registered in the United States.
The campaign has been attributed to a subgroup of the Lazarus Group, the North Korean hacking unit that operates under the Reconnaissance General Bureau, Pyongyang's foreign intelligence agency. According to Silent Push, a US cybersecurity firm, operators associated with the subgroup tracked as "Contagious Interview" created the front companies to give their recruiting lures a legitimate-looking corporate identity.
In response, the FBI seized Blocknovas' domain as part of a broader law enforcement effort against North Korean actors who use fake job offers to distribute malware. The lure is a fake recruiting process: targets are taken through a fabricated job interview and induced to download malware, which can then compromise cryptocurrency wallets and the developer credentials (such as stored keys and tokens) present on the victim's machine.
Reuters also found that the address on Blocknovas' registration corresponds to a vacant lot in South Carolina, while Softglide's paperwork led back to a small tax office in Buffalo. Blocknovas was the most active of the three front companies and had already compromised multiple victims. The operation violates sanctions imposed by the US Treasury's Office of Foreign Assets Control and contravenes UN measures intended to stop North Korea from funding its weapons programs through overseas businesses.
This incident is just one example of North Korea’s ongoing efforts to target the crypto industry through sophisticated operations. The regime has been involved in various cyber heists and illicit activities in order to generate funds for its nuclear ambitions. In recent years, North Korea has increasingly engaged in crypto-related crimes to raise capital, including its involvement in high-profile thefts like the 2022 Axie Infinity hack.
Furthermore, reports suggest that North Korea has dispatched thousands of IT workers overseas, who covertly funnel their earnings back to the state. These activities are believed to support the regime’s weapons program, with stolen crypto assets allegedly contributing to the funding of ballistic missile development.
The use of fake US firms by North Korean operatives to target crypto developers shows that a registered company name and a US address are not, on their own, evidence that a recruiter is legitimate. It underscores the need for robust security controls on developer machines and for international cooperation against illicit activity in the digital space.