Allegedly, cyber operatives from North Korea have used a new strategy: setting up two phony businesses within the United States under fake names and addresses. As reported, the objective of this elaborate plan was to bypass US Treasury restrictions and compromise the computers of cryptocurrency developers with malware. The case illustrates a disturbing new trend in how state-sponsored hacking groups obtain funds illegally, particularly from the very profitable and frequently exposed cryptocurrency industry.
Revealing the Deceptive Companies
The research into these activities, as noted in a report by Reuters that cited researchers from the US cybersecurity company Silent Push, identified two principal companies: Blocknovas LLC and Softglide LLC. These companies were incorporated in New Mexico and New York, and they used spurious names and addresses to disguise the actual persons behind them. A third business, Angeloper Agency, is also alleged to be involved in the operation, but the available data do not make clear whether it is registered in the United States.
The Modus Operandi: Targeting Job Seekers
Through these shell companies, the North Korean hackers targeted job seekers within the cryptocurrency developer niche. As part of the scheme, candidates were reportedly drawn in through job postings made by the fraudulent companies, and the ruse went as far as conducting fake job interviews. This interview exchange was the means of distributing malware. As explained by Kasey Best, Silent Push’s director of threat intelligence, “These attacks use fake personas offering job interviews, which results in malware being deployed that infects developers’ cryptocurrency wallets and steals their credentials.” By exploiting the trust inherent in the job application process, the attackers are able to obtain credentials and digital assets.
Links to the Lazarus Group
Silent Push has linked both Softglide and Blocknovas to a subgroup of the Lazarus Group. In the case of Blocknovas, its affiliation with North Korea’s cyber espionage apparatus is, according to the researchers, self-evident. The Lazarus Group, North Korea’s elite cyber unit, is widely believed to be connected with the Reconnaissance General Bureau, the agency responsible for espionage, sabotage, and cyber warfare. It works directly under the North Korean government, implying that the Blocknovas and Softglide operators have the backing of the state. While the FBI has not commented on these findings, the publication of a seizure notice on the Blocknovas website signals that authorities regard the company as illegitimate. In the course of tracking North Korean cyber operations, the FBI seized the Blocknovas domain, which had been used to post fictitious job and recruitment services aimed at programmers.
FBI Reaction and Their Views
U.S. authorities are making efforts to mitigate this threat. Although the FBI has not confirmed further details regarding Blocknovas or Softglide, its enforcement action, which includes a seizure notice on Blocknovas’ website, indicates that some form of action is being taken. Blocknovas, like Softglide System Technologies, seemingly operated under the protective umbrella of North Korea’s cyber apparatus, apparently unaware of the enforcement action coming its way. Softglide may have played a supporting role to Blocknovas, but responsibility rests primarily with the North Korean principal actors who directed the operation.
The North Korean operators drove the scheme, and the front companies served only as facilitators. An unnamed law enforcement official stated that North Korea’s cyber operations remain “one of the most advanced persistent threats” to the US. North Korea’s mission to the United Nations in New York was, rather unsurprisingly, unavailable for comment on the report.
Motivation and Escalation of Tactics
The primary motivation behind North Korea’s continual focus on the cryptocurrency domain is the generation of unlawful revenue to support its regime and, more importantly, to fuel its nuclear missile program. The United States, South Korea, and the United Nations have previously stated that Pyongyang employs thousands of IT workers, many of them based abroad, whose covert mission is to financially sustain these endeavors through all possible means.
It is commonly believed that North Korean hackers perpetrated some of the most notorious cryptocurrency thefts, including the attack on Bybit, in which digital assets worth $1.5 billion were allegedly siphoned off. Evidence that bogus companies were formed inside the United States to aid these attacks is, in the view of experts and other authorities, a deeply worrying and highly sophisticated change in their methods of operation. It indicates a far greater willingness to operate directly within target jurisdictions, which complicates countermeasures.