North Korean hackers create fake companies to target developers: Report
A group of hackers linked to Lazarus Group registered fake entities in the US as part of an elaborate effort to compromise cryptocurrency developers through deceptive job offers.
***
- An elaborate North Korean hacking campaign includes the registration of real legal entities.
- The attackers created entities in New York and New Mexico to target crypto developers.
- It is part of a scheme to steal cryptocurrencies through deceptive job offers.
North Korean hackers are refining their elaborate schemes to steal cryptocurrencies, including creating fictitious entities in the United States as lures aimed at developers.
A recent report by security firm Silent Push, picked up by several news outlets, revealed that these hacker groups registered shell companies in New York and New Mexico as part of an elaborate effort to compromise the computers of cryptocurrency developers with malware, or malicious software.
The entities Blocknovas and Softglide, registered in New Mexico and New York respectively, were created using fictitious identities and addresses as part of a hacking campaign linked to Lazarus Group, according to reports.
Researchers also reportedly discovered a third entity, under the name Angeloper Agency, also linked to the malicious campaign, but it is not registered in the United States.
The purpose of establishing the entities was to have a lure for injecting malware into cryptocurrency developers' computers through fake job interviews, according to the Silent Push team.
North Korean hackers use real front companies
The sophisticated scheme uses fake LinkedIn-style profiles and online job postings to lure cryptocurrency engineers into job interviews. Then, during the recruitment process, the candidates are tricked into downloading malware disguised as job application tools.
The malware used in the campaign, which, as CoinDesk detailed, includes three strains previously linked to North Korea's cyber units, is used to compromise the victims' digital asset wallets and steal credentials to facilitate further attacks on legitimate companies in the industry.
These programs can steal data, provide remote access to infected systems and serve as entry points for additional spyware or ransomware, that publication adds.
The hackers reportedly took advantage of artificial intelligence (AI) tools to create fake employees for the company profiles in order to lend legitimacy to the job offers. They also used fake addresses to establish the entities.
“This is a rare example of North Korean hackers who actually manage to establish legal corporate entities in the United States to create corporate fronts used to attack unsuspecting job applicants,” said Kasey Best, director of threat intelligence at Silent Push, according to that outlet.
The FBI has seized the domain of the Blocknovas website, Reuters reported. A notice posted on the site indicates that it was taken down “as part of a law enforcement action against North Korean cyber actors who used this domain to deceive people with fake job postings and distribute malware”.
Lazarus Group and its massive cryptocurrency heists
The use of fake LinkedIn profiles and deceptive job offers is not new for North Korean hackers, who for years have been refining their campaigns to catch victims off guard and steal their cryptocurrencies.
A few weeks ago, Google's security team warned that North Korean cyber operatives are infiltrating European-based companies using false identities, including fictitious residence papers and illegitimate university degrees. They target blockchain companies in countries such as the United Kingdom, Germany and Portugal with remote work offers.
The infamous hacking organization Lazarus Group is perhaps best known for its high-profile attacks on cryptocurrency projects. Among them stands out the 2021 hack of Axie Infinity's Ronin bridge, in which a fake job offer compromised an employee of Sky Mavis, the company behind Ronin, which allowed Lazarus to steal USD $625 million.
Another notable success was the 2022 hack of Harmony's Horizon bridge, where similar tactics led to the theft of USD $100 million. Recently, Lazarus was identified as responsible for a massive theft of more than USD $1.5 billion from the centralized exchange Bybit, although no connection to the job campaigns was found.
Lazarus operations have stolen more than USD $3 billion in cryptocurrencies since 2017, according to estimates by the UN and Chainalysis, with attacks based on fake job offers generating a significant share of that income.
Hannah Estefanía Pérez / Diariobitcoin
Image from Unsplash