- Lazarus Group posed as US crypto firms to distribute malware.
- Fake companies target crypto sector workers.
- Malware aims to steal sensitive data.

North Korean state-sponsored hackers, reportedly from the Lazarus Group, used fake US-based crypto firms to distribute malware in a sophisticated job scam.
Recent activity by North Korean hackers highlights the risks facing the crypto industry and the need for better verification. There is no immediate financial market disruption.
North Korean hackers from the Lazarus Group created fake firms, BlockNovas LLC, Angeloper Agency, and SoftGlide LLC, to launch malware attacks disguised as job offers for remote workers. These actions facilitate unauthorized access to sensitive information, posing a threat to the crypto industry. According to cybersecurity expert Zach Edwards, these hackers are willing to undergo intense KYC processes by registering fake businesses.
The scams target individuals seeking remote crypto-related work, leading victims to inadvertently install malware on their devices. This malware harvests data such as crypto wallet keys. While the financial impact on the crypto market remains unclear, there is heightened concern among developers and industry professionals. This development intensifies discussions on security frameworks and KYC protocols for remote job offers in the sector.
North Korea’s history of similar operations, like Operation Dream Job, signals an ongoing risk from state-sponsored hacking.
“They have now crossed the Rubicon – they are willing to register a fake business and go through all the supposed KYC checks involved with that process, and were successful in the effort.” – Zach Edwards, Senior Threat Analyst, Silent Push
Experts advise enhanced scrutiny and verification processes in the crypto industry.