Good day everyone,
I hope you are all having a good day, welcome to CryptoGod-1's blog on all things crypto. In this post I will be looking at how North Korea made use of fake United States firms for their spies to hack cryptocurrency developers.
North Korea Made Fake US Firms to Hack Crypto Devs
The United States cybersecurity firm Silent Push has reported that North Korean cyber operatives registered companies in the United States as corporate fronts for a malware campaign aimed at cryptocurrency developers. Reuters, which reported the findings, noted that the hackers set up two companies, Blocknovas LLC and Softglide LLC, using fake names and addresses in New Mexico and New York.
These activities are intended to circumvent US and UN sanctions designed to prevent North Korea from funding its weapons programs through overseas operations. A third firm, Angeloper Agency, was also linked to the operation, although it was never officially registered in the United States.
The well-known Lazarus Group is believed to be behind the operation, with this particular campaign run by a subgroup within it. Lazarus operates under the Reconnaissance General Bureau, Pyongyang's foreign intelligence agency. The FBI seized Blocknovas' domain last Thursday and said the seizure was part of a broader law enforcement effort against North Korean actors who use fake job offers to distribute malware.
Kasey Best, director of threat intelligence at Silent Push, stated:
“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S. in order to create corporate fronts used to attack unsuspecting job applicants.”
Reuters also noted that the hackers use fake job interviews to trick developers into downloading malware designed to access crypto wallets and developer credentials. Public records reviewed by Reuters showed that Blocknovas was registered to a vacant lot in South Carolina, while Softglide's paperwork traced back to a small tax office in Buffalo, New York. Silent Push said Blocknovas was the most active of the three front companies and had already compromised a number of victims. For developers, the practical lesson is that anything a recruiter asks you to download and run during an interview is untrusted code and belongs in an isolated environment, not on a machine holding wallet keys or credentials.
The FBI told Reuters that it continues "to focus on imposing risks and consequences, not only on the DPRK actors themselves, but anybody who is facilitating their ability to conduct these schemes." One official noted that North Korean cyber operations are "perhaps one of the most advanced persistent threats" facing the United States.
The activities of these companies violate sanctions imposed by the US Treasury's Office of Foreign Assets Control and breach UN measures intended to stop North Korea from funding its weapons programs through overseas businesses. The campaign adds to a growing list of sophisticated Pyongyang operations targeting the crypto industry, which also includes dispatching thousands of IT workers abroad and carrying out high-profile cyber heists. The overall goal is generating funds for North Korea's nuclear ambitions.
Kasey Best added:
“These attacks utilize fake personas offering job interviews, which lead to sophisticated malware deployments in order to compromise the cryptocurrency wallets of developers, and they also target the developers' passwords and credentials which could be used to further attacks on legitimate businesses.”
Over the last few years, North Korea has increasingly turned to crypto-related crime to raise funds. Notably, it has been linked to a string of high-profile thefts, including the 2022 Axie Infinity (Ronin bridge) hack.
Have a great day.
Peace. CryptoGod-1.