Cybersecurity firm Silent Push has issued a stark warning about a rising wave of cyberattacks linked to North Korean state-sponsored hackers, specifically targeting cryptocurrency developers.
According to the firm, the threat actors—believed to be part of the infamous Lazarus Group—have launched a sophisticated malware campaign using fake companies and fraudulent job interview processes to compromise victims.
The attackers have reportedly created three shell companies—BlockNovas, Angeloper Agency, and SoftGlide—to distribute malware to unsuspecting developers. These firms masquerade as legitimate crypto platforms, using professional-looking websites and an extensive network of job listings to attract developers. Once a victim applies for a job, they are prompted to record an introduction video, during which an “error” occurs. This so-called error directs them to use a quick fix involving a malicious copy-paste command, which installs the malware.
A notable tactic in this campaign is the use of artificial intelligence to generate fake employee profiles. The hackers have fabricated numerous identities using AI-generated photos and, in some cases, have modified real images of developers to lend credibility to their scam. Silent Push highlighted this alarming manipulation, noting that real photos are subtly altered to deceive both job seekers and potential partners.
The FBI, while refraining from commenting on two of the U.S.-based shell companies, has confirmed the seizure of BlockNovas' domain in connection with its broader crackdown on North Korean cyber operations. The agency underscored the severity of these threats, labeling North Korea’s cyber efforts among the most persistent and advanced threats facing the U.S.
This revelation arrives amid a global uptick in crypto-related scams, prompting regulators like Australia’s ASIC to step up enforcement. In recent months, ASIC has shuttered 95 entities linked to pig butchering and similar fraudulent schemes, further emphasizing the urgent need for vigilance in the crypto space.
0 Comments