Lazarus Group uses fake firms to spread malware to the crypto industry

The FBI has seized the Blocknovas website, which was part of a campaign, linked to North Korean hackers, to spread malware to crypto developers.

North Korean hackers have used fake US companies to deceive crypto developers and infect them with malware, according to Silent Push.

North Korean hackers, believed to be part of the Lazarus Group, have created fake US businesses to target cryptocurrency developers. According to cybersecurity firm Silent Push, two companies, Blocknovas LLC and Softglide LLC, were set up to infect victims with malicious software.

These companies were established in New York and New Mexico using false information, violating international sanctions.

The attacks involved job offers that led to ‘sophisticated malware deployments,’ aimed at compromising cryptocurrency wallets and stealing credentials. The FBI has since seized the Blocknovas website, which had been used to deceive individuals and distribute malware.

Silent Push noted that multiple people had fallen victim to the scam, with Blocknovas being the most active front in the campaign.

The phishing operation is just one example of North Korea’s ongoing cyber activities. The Lazarus Group has previously been responsible for high-profile hacks, including the $1.4 billion attack on crypto exchange Bybit in February.

The FBI continues to focus on imposing risks and consequences for those facilitating these cyber operations.
