North Korean Hackers Create Fake U.S. Businesses to Target Crypto Devs

Decrypt
6 hours ago

Multiple victims have been attacked by what appears to be a North Korean campaign that targets cryptocurrency developers using fake U.S. companies.


According to a Reuters report, two fake companies, Blocknovas LLC and Softglide LLC, were created by North Korean cyber spies to infect developers in the crypto industry with malicious software.



According to U.S. cybersecurity firm Silent Push, the fake companies were under the control of a hacker subgroup of North Korea's Lazarus Group—part of the Reconnaissance General Bureau, Pyongyang's main foreign intelligence agency. The firms were set up in New Mexico and New York using fake details, in violation of Office of Foreign Assets Control and UN sanctions.


A third firm, Angeloper Agency, was linked to the campaign by Silent Push, but does not appear to be registered in the U.S.


On Thursday, the FBI placed a seizure notice on the Blocknovas website, which said the domain was seized "as part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware."


The attacks used fake personas to offer job interviews, after which “sophisticated malware deployments” were used to compromise cryptocurrency wallets, obtain passwords, and steal credentials.


According to Silent Push, there have been "multiple victims" of this campaign, with the Blocknovas front being the most active of the two.


North Korea's phishing campaigns


This is just the latest example of North Korea's cyber operations, which one FBI official described as “perhaps one of the most advanced persistent threats” facing the United States.


North Korea's Lazarus Group, which was responsible for February's $1.4 billion hack of crypto exchange Bybit, is now thought to be branching out into phishing campaigns targeting the crypto industry.


Earlier this month, Manta co-founder Kenny Li was targeted by a phishing attempt that bore the hallmarks of Lazarus Group's MO, using a fake Zoom call as a vector to distribute malware. And a recent GTIG report found that North Korean IT workers are infiltrating teams across the U.S., UK, Germany, and Serbia, using fake resumes and forged documents to pose as legitimate developers.


The FBI said that it continues to "focus on imposing risks and consequences, not only on the DPRK actors themselves, but anybody who is facilitating their ability to conduct these schemes."

