
Lazarus Group's spies use U.S. shell firms to trick crypto devs: report
Date: 2025-04-25 07:38:33 | By Rupert Langley
North Korean Hackers' Bold Move: Fake U.S. Companies Used to Snare Crypto Devs
Lazarus Group's Sneaky Shell Game
Hold onto your hats, folks! The notorious Lazarus Group from North Korea just pulled off a wild stunt right under Uncle Sam's nose. Cybersecurity sleuths at Silent Push have blown the whistle on these cyber spies setting up not one, but two shell companies in the U.S. to trick crypto developers into downloading nasty malware.
Shell Companies: A Closer Look
These crafty hackers named their U.S. fronts Blocknovas LLC and Softglide LLC, setting up shop in New Mexico and New York with nothing but fake names and bogus addresses. And get this—the spot listed for Blocknovas in Warrenville, South Carolina? It's just an empty lot! Meanwhile, Softglide's supposed Buffalo, New York address? Just a tiny tax office. And those contact persons? Nowhere to be found!
Silent Push Sounds the Alarm
Kasey Best, the brains behind threat intelligence at Silent Push, couldn't believe his eyes. "This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S.," he said, shaking his head. The Lazarus Group's plan? Lure in crypto and web3 devs with fake job apps, then hit them with at least three types of malware straight from North Korea's cyber arsenal.
The Malicious Masterplan
These cyber crooks use their fake aliases to offer sham job interviews, aiming to infect developers' systems with slick malware. Their goal? To swipe those precious crypto wallets and pilfer passwords and credentials, setting the stage for even bigger hits on legit businesses.
Lazarus Group: Notorious Hackers
The brains behind these shell companies are said to be part of a slick subgroup within the Lazarus Group, connected to Pyongyang's main foreign intel agency, the Reconnaissance General Bureau. These guys are no amateurs—they're the masterminds behind some of the biggest crypto heists ever, including the recent Bybit hack that cost a staggering $1.5 billion.
Authorities Respond
When asked about these shady shell companies and their possible North Korean ties, the New York Department of State played it cool, declining to comment. Over in New Mexico, the secretary of state's office shrugged, saying they had no clue about the firm's North Korean connection.
FBI Strikes Back
But the FBI wasn't having it. On April 24, they slapped a domain seizure notice on the Blocknovas website, declaring that the domain was seized "as part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware."
