North Korea Spies Used Fake US Firms to Hack Crypto Developers: Report

Cyber operatives from North Korea infiltrated the US corporate system to launch a malware campaign aimed at crypto developers, Reuters reported Friday.

According to US cybersecurity firm Silent Push, North Korean hackers set up two companies, Blocknovas LLC and Softglide LLC, using fake names and addresses in New Mexico and New York.

Meanwhile, a third firm, Angeloper Agency, was also linked to the operation. However, it has not been officially registered in the country.

This campaign is tied to a subgroup within the Lazarus Group, a North Korean hacking unit under the Reconnaissance General Bureau, Pyongyang’s foreign intelligence agency.

Our team at Silent Push has been hard at work on the largest report we’ve ever made public – and along with Reuters – today we’re explaining how North Korean threat actors associated with the “Contagious Interview” subgroup created 3 front companies…

Further, the FBI reportedly seized Blocknovas’ domain on Thursday, stating the action was part of a broader law enforcement effort against North Korean actors using fake job offers to distribute malware.

In its report, Reuters said the hackers use fake job interviews to trick developers into downloading malware designed to access crypto wallets and developer credentials.

Further, Reuters reviewed public records showing Blocknovas was registered to a vacant lot in South Carolina. Meanwhile, Softglide’s paperwork traced back to a small tax office in Buffalo. Silent Push said Blocknovas was the most active of the three front companies. It had already compromised multiple victims.

Collectively, these activities violate sanctions imposed by the US Treasury’s Office of Foreign Assets Control. They also breach UN measures designed to stop North Korea from funding its weapons programs through overseas businesses.

The incident adds to a growing list of sophisticated operations by Pyongyang targeting the crypto industry. These include sending thousands of IT workers abroad and carrying out high-profile cyber heists. The goal is to generate funds for North Korea’s nuclear ambitions.

Over the past few years, North Korea has increasingly turned to crypto-related crimes to raise funds. Notably, it has been linked to a string of high-profile thefts, including the 2022 Axie Infinity hack.

Parallely, the regime has also sent thousands of IT workers overseas. These workers are said to secretly send their earnings back to the state. Moreover, these activities are believed to support North Korea’s weapons program. Reports say stolen crypto assets have helped fund its ballistic missile development.

The post North Korea Spies Used Fake US Firms to Hack Crypto Developers: Report appeared first on Cryptonews.