North Korean hackers believed to be a subgroup of the Lazarus Group hacking collective have established fraudulent organizations in the U.S. to facilitate a malware campaign leveraging fake job lures against cryptocurrency developers, reports Reuters.
Following the registration of the front companies Blocknovas LLC and Softglide LLC in New Mexico and New York, respectively, threat actors used bogus personas in malicious job offers that resulted in the distribution of malware that not only exfiltrated cryptocurrency developers' cryptocurrency wallets and credentials but also enabled further network compromise, according to a report from Silent Push. Attackers were also noted to have created Angeloper Agency, which is registered outside the U.S. Meanwhile, Blocknovas, which was found to be most active among the discovered entities, had its domain sequestered by the FBI as part of a law enforcement operation. Such a development signifies the ongoing development of North Korean hacking schemes against the cryptocurrency industry.
Following the registration of the front companies Blocknovas LLC and Softglide LLC in New Mexico and New York, respectively, threat actors used bogus personas in malicious job offers that resulted in the distribution of malware that not only exfiltrated cryptocurrency developers' cryptocurrency wallets and credentials but also enabled further network compromise, according to a report from Silent Push. Attackers were also noted to have created Angeloper Agency, which is registered outside the U.S. Meanwhile, Blocknovas, which was found to be most active among the discovered entities, had its domain sequestered by the FBI as part of a law enforcement operation. Such a development signifies the ongoing development of North Korean hacking schemes against the cryptocurrency industry.
