North Korean Hackers Create Fake U.S. Businesses to Target Crypto Devs
A North Korean campaign aimed at cryptocurrency developers has targeted multiple victims through fake U.S. companies. North Korean cyber spies established two fraudulent firms, Blocknovas LLC and Softglide LLC, to distribute malware. A third firm, Angeloper Agency, is also linked to this campaign but is not registered in the U.S. The FBI has seized the Blocknovas website due to its involvement in deceiving individuals with fake job postings and distributing malware. The attacks involved fake personas offering job interviews, leading to sophisticated malware deployments that compromised cryptocurrency wallets and stole credentials. This campaign is attributed to a subgroup of North Korea's Lazarus Group, which has previously executed significant cyberattacks, including a $1.4 billion hack of crypto exchange Bybit. North Korean IT workers are reportedly infiltrating teams in various countries using fake resumes. The FBI aims to impose risks on those facilitating these cyber schemes.