North Korean hacker group established a dummy company in America – distributing malware to cryptoasset developers | CoinDesk JAPAN

  • North Korean hackers have established a fake company in America to target cryptoasset developers, as revealed by the security firm Silent Push.
  • In this operation, a subgroup of the Lazarus Group established the fictitious companies “Blocknovas” and “Softglide”.
  • The FBI seized the Blocknovas domain for being used to distribute malware through fake job postings.

North Korean hackers disguised themselves as American technology entrepreneurs and secretly established companies in New York and New Mexico. This is part of an operation targeting developers in the cryptoassets (virtual currency) industry, as announced by the security firm Silent Push on April 24.

The two companies, Blocknovas and Softglide, were established using fictitious identities and addresses. This operation is linked to a subgroup within the Lazarus Group.

The Lazarus hacker group, supported by North Korea, has targeted unsuspecting individuals and companies over the past few years, using advanced techniques and strategies to steal billions of dollars worth of cryptoassets.

“This is a rare case where North Korean hackers actually established a legitimate company in America and created a front company for attacks targeting unsuspecting job seekers,” said Kasey Best, the Threat Intelligence Director at Silent Push.

The hackers' tactics are clever and effective. They lure cryptoasset developers into interviews using fake LinkedIn-style profiles and job postings, and during the hiring process they direct them to download malware disguised as a recruitment tool.

Silent Push points out that multiple victims of this operation have been identified, noting in particular that many of them were contacted through Blocknovas, which it describes as the most active of the front companies. Blocknovas' registered address in South Carolina turned out to be a vacant lot, while Softglide was registered with the tax office in Buffalo, New York.

Silent Push added that the malware used in the campaign includes at least three virus strains linked to North Korea’s cyber units. These programs steal data, provide remote access to infected systems, and serve as pathways for additional spyware and ransomware.

According to reports from Reuters, the Federal Bureau of Investigation (FBI) has seized the domain of Blocknovas. A notice posted on the site explains that this domain was deleted “as part of law enforcement action because it was used by North Korean cybercriminals to deceive individuals with fake job postings and distribute malware.”
