Close Menu
    Friday, April 10
    Top Stories:
    Crypto

    North Korean Hackers Create US Shell Companies to Target Crypto Developers

    Staff ReporterBy No Comments3 Mins Read

    Top Highlights

    1. Lazarus Group Activity: North Korean hackers linked to the Lazarus Group have established shell companies in the U.S. to distribute malware, violating U.S. sanctions and exposing vulnerabilities in business registration systems.

    2. Fake Job Scams: Using falsified identities and job postings on platforms like LinkedIn, hackers targeted cryptocurrency developers, leading them to download malware disguised as hiring software during fake interviews.

    3. Fraudulent Registrations: The companies involved (Blocknovas LLC and Softglide LLC) were registered with false information, complicating traceability; Blocknovas’s listed address was simply an empty lot.

    4. Ongoing Threats: This operation is part of a broader campaign by the Lazarus Group, which has a history of leveraging fake job offers for delivering malware, previously linked to significant cyber thefts like the $625 million Ronin Bridge hack.

    North Korean Hackers Set Up US Shell Companies to Target Crypto Developers: Report

    North Korean hackers, linked to the notorious Lazarus Group, have reportedly created shell companies in the United States. This tactic aims to distribute malware targeting cryptocurrency developers. Experts warn this strategy poses serious risks to developers and highlights weaknesses in U.S. business registration systems.

    According to a report by cybersecurity firm Silent Push, two companies—Blocknovas LLC in New Mexico and Softglide LLC in New York—were registered using fake names and addresses. These companies allowed hackers to masquerade as legitimate employers in the crypto sector. Furthermore, another entity, Angeloper Agency, has ties to this campaign but is not officially registered.

    Silent Push attributes this scheme to a subgroup within the Lazarus Group, which operates under North Korea’s Reconnaissance General Bureau. Known for high-profile cyber thefts, the group has increasingly targeted crypto developers. They leveraged fake professional profiles on platforms like LinkedIn to reach potential victims. Hackers invited these developers to fake interviews, urging them to download malware disguised as software necessary for the hiring process.

    Blocknovas LLC appears to be the most active entity and has multiple confirmed victims. An investigation revealed that its listed address in South Carolina was simply an empty lot. In contrast, Softglide registered through a tax preparation service in Buffalo, complicating tracking efforts. The malware they distributed can steal data and provide remote access, illustrating the sophistication of these cyber operations.

    Recently, the FBI seized the Blocknovas domain. A notice on its website confirmed its use for deceiving job seekers and spreading malware.

    The Lazarus Group has a history of exploiting fake job offers. Previous campaigns included "ClickFix," which targeted job seekers in the centralized finance crypto sector. Furthermore, they have impersonated reputable companies like Coinbase and Tether, tricking applicants into attending fake interviews.

    The implications of this cyber threat extend beyond individual victims. They reveal potential weaknesses in how businesses monitor registration and verify legitimacy. As the cryptocurrency landscape evolves, developers must remain vigilant against such threats. In doing so, they can foster a safer environment for innovation and technological advancement.

    Continue Your Tech Journey

    Dive deeper into the world of Cryptocurrency and its impact on global finance.

    Access comprehensive resources on technology by visiting Wikipedia.

    Disclaimer

    This content is for informational and entertainment purposes only and does not constitute financial or investment advice. Cryptocurrency is highly speculative and carries significant risk, including the potential loss of your entire investment. Do not make financial decisions based on this information. Consult a licensed financial advisor before investing. This site does not offer, sell, or advise on cryptocurrency, securities or other regulated financial products in compliance with SEC and applicable laws. Please do your own research and seek professional advise.

    CryptoV1

    Share.
    Avatar photo

    John Marcelli is a staff writer for IO Tribune, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

    Related Posts

    Add A Comment

    Comments are closed.