North Korean hackers linked to the notorious state-backed Lazarus Group have successfully set up shell companies inside the United States to distribute malware to cryptocurrency developers, in a scheme that violates U.S. sanctions and exposes major weaknesses in business registration systems.
According to Reuters, the cybersecurity firm Silent Push revealed that two companies, Blocknovas LLC in New Mexico and Softglide LLC in New York, were formed using falsified names, addresses and documentation, which helped the North Korean actors pose as legitimate employers offering jobs in the crypto industry. A third entity, Angeloper Agency, has also been linked to the campaign but was not registered in the country.
Scam, empty lots and malware jobs
Silent Push attributed the operation to a subgroup within the Lazarus Group, a state-sponsored hacking unit that operates under North Korea's Reconnaissance General Bureau. The group is known for its role in high-profile cyber thefts and espionage activities.
In this campaign, the hackers used fake professional profiles and job postings to approach developers, mainly on platforms such as LinkedIn. Once contact was made, victims were invited to "interviews" where they were encouraged to download malware disguised as hiring software or technical assessments.
Blocknovas was the most active entity, with multiple confirmed victims. Its listed physical address in South Carolina was found to be an empty lot. Meanwhile, Softglide was registered through a Buffalo-based tax preparation service, which further complicated efforts to trace those behind the operations. The malware used included strains previously attributed to North Korean cyber units, capable of data theft, remote access and further network infiltration.
The FBI has seized the Blocknovas domain, posting a warning on the site stating that it was used to deceive job applicants and distribute malware.
North Korea's malware trap
The Lazarus Group has repeatedly exploited fake job opportunities to deliver malware. For example, it launched a cyber campaign called "ClickFix" aimed at job seekers in the centralized crypto finance (CeFi) sector. The cybersecurity firm Sekoia recently revealed that the group posed as companies such as Coinbase and Tether to lure marketing and business applicants into fake interviews.
One of Lazarus's biggest crypto heists occurred in 2021, when a fake job offer led to the $625 million Ronin bridge hack targeting Axie Infinity.