Hackers Create Fake Corporate Entities in the US To Fool Crypto Developers and Spread Malware: Report

North Korean hackers have been caught creating fake corporate entities in the US as part of a sophisticated campaign to deceive crypto developers and spread malware. According to a report by Reuters, the notorious state-sponsored North Korean syndicate responsible for some of the biggest hacking operations in history has set up two sham corporations in New Mexico and New York: Blocknovas LLC and Softglide LLC.

Researchers at the cybersecurity firm Silent Push say that the companies were created using fake personas and addresses, with the primary goal of advertising fake jobs for crypto developers. The scheme involves offering enticing job opportunities to unsuspecting applicants, then deploying malware that compromises their cryptocurrency wallets once they respond.

"This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S. in order to create corporate fronts used to attack unsuspecting job applicants," said Kasey Best, director of threat intelligence at Silent Push. "These attacks utilize fake personas offering job interviews, which lead to sophisticated malware deployments in order to compromise the cryptocurrency wallets of developers, and they also target the developers' passwords and credentials which could be used to further attacks on legitimate businesses."

The FBI has not officially commented on the developments, but an official told Reuters that North Korean cyber operations are "perhaps one of the most advanced persistent threats" facing the US.

How it Works

The attack uses fake job postings and enticing messages to lure in crypto developers. Once the developer responds with their personal information or submits their credentials, the hackers deploy malware that compromises their cryptocurrency wallets. The attackers can then steal funds, send ransom demands, or even sell the compromised wallets on the dark web.

According to Silent Push, the attacks also target the developers' passwords and credentials, which could be used to further attacks on legitimate businesses.

FBI Seizes Domain

The Federal Bureau of Investigation (FBI) has taken action against North Korean hackers by seizing the domain of Blocknovas. According to an official statement, "This domain has been seized by the Federal Bureau of Investigation in accordance with a seizure warrant issued by the United States District Court for the Northern District of Texas as part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware."

"If you interacted with this site or submitted personal information, we recommend scanning your devices for malware and taking steps to protect your identity," the statement warns.

What's Next?

The ongoing North Korean hacking campaign highlights the growing threat of state-sponsored cyberattacks in the US. As North Korea continues to push the boundaries of cyber warfare, it is essential for developers and businesses to be vigilant and take proactive measures to protect themselves against such attacks.

Stay Safe

To avoid falling victim to these types of scams, users are advised to be cautious when responding to job offers or job postings from unknown sources. Here are some tips to stay safe:

  • Be wary of job postings that seem too good to be true.
  • Avoid responding to job offers with personal information or credentials.
  • Use reputable antivirus software and keep it up-to-date.
  • Regularly scan your devices for malware.

By being aware of these tactics and taking proactive steps, you can protect yourself against North Korean hackers' sophisticated campaigns.