Lazarus Group Behind Fake US Firms Targeting Crypto Workers – Report

April 28, 2025

The Lazarus Group has reportedly launched two U.S.-based businesses in violation of Treasury sanctions, using them to spread malware to crypto developers.

Cybersecurity researchers and documents reviewed by Reuters reveal that Blocknovas LLC and Softglide LLC — two businesses tied to the North Korea-linked cyber hacking group — were established in New York and New Mexico using fake identities and addresses. A third company, Angeloper Agency, is also connected to the operation, although it does not appear to be officially registered in the United States.

“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S. in order to create corporate fronts used to attack unsuspecting job applicants,” Kasey Best, director of threat intelligence at cybersecurity firm Silent Push, said.

Silent Push revealed that the hackers involved belong to a subgroup within the Lazarus Group. On Thursday, an FBI seizure notice appeared on Blocknovas’ website, stating that the domain had been seized “as part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware.”

Prior to the seizure, FBI officials told Reuters they remain focused on holding both the Democratic People’s Republic of Korea (DPRK) hackers and their enablers responsible.

Best noted a tactic often employed by these malicious actors: using fake identities to lure developers into job interviews. During the process, sophisticated malware is deployed to access crypto wallets and steal passwords and credentials, which can then be used to launch further attacks against legitimate businesses.

Silent Push identified several victims tied to the operation, with researchers noting in a report shared with Reuters that “Blocknovas, by far the most active of the three front companies.”

The registration for Blocknovas listed an address in Warrenville, South Carolina, which, when checked on Google Maps, shows as an empty lot. Meanwhile, Softglide’s registration traces back to a small tax office located in Buffalo, New York.

As authorities continue to investigate the extent of the Lazarus Group’s operations, cybersecurity experts warn that the growing sophistication of these tactics underscores the evolving threats facing the global digital economy. 

With malicious actors increasingly using legitimate-looking fronts to deceive their targets, companies and individuals in the tech and crypto sectors must remain vigilant and proactive in securing their operations against such sophisticated attacks.


Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. Disclaimer: The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
