The North Korean pirates linked to the famous Lazare group of the State have managed to create screens companies in the United States to distribute malicious software to cryptocurrency developers, in a program that violates American sanctions and exposes major vulnerabilities in business recording systems.
According to Reuters, the Silent Push cybersecurity company revealed that two companies – Blocknovas LLC in New Mexico and SoftGlide LLC in New York – were formed using names, addresses and falsified documents, which helped North Korean actors present legitimate employers offering jobs in the crypto industry. A third entity, Angeloper Agency, was also linked to the campaign but was not registered in the country.
Square job offers, empty lots and malware
Silent attributed The operation in a subgroup within the Lazare group, a hacking unit sponsored by the State operating under the general recognition office of North Korea. The group is known for its role in cyber flights and high -level spy activities.
In this campaign, pirates used false professional profiles and job offers to approach developers, mainly on platforms such as Linkedin. Once the contact has been established, the victims were invited to “interviews” where they were encouraged to download malware disguised as job software or technical assessments.
Blocknovas was the most active entity, with several confirmed victims. Its physical address listed in South Carolina turned out to be an empty land. Meanwhile, Softglide was recorded through a Buffalo -based tax preparation service, which has still complicated the efforts to trace those behind operations. The malicious software used included strains previously attributed to North Korean cyber units, capable of data theft, remote access and network infiltration.
The FBI has entered the Blocknovas Domaine, with an opinion on its website indicating that it was used to deceive job seekers and spread malware.
North Korean malware trap
The Lazare group has repeatedly exploited false job possibilities to deliver malware. For example, he launched a cyber campaign called “clickfix” targeting job seekers in the centralized cryptocurrency sector (CEFI). The cybersecurity company, Sekoia, recently revealed that the group was pretending to be companies like Coinbase and Tether to Lure Marketing and Business Requests in false interviews.
One of the largest flights from Lazarus Crypto occurring in 2021 when a faux offer offer led to the hacking of $ 625 million Ronin Bridge targeting infinity.
Free binance $ 600 (EXCLUSIVE Cryptopotato): Use this link to record a new account and receive an exclusive welcome offer of $ 600 on Binance (all details).
Limited offer for cryptopotate players at Bybit: Use this link to record and open a free $ 500 position on any part!
