North Korean Hackers Used American Shell Companies to Hack Crypto Developers

North Korean hackers have set up businesses in the United States, exposing clients to their websites and infecting their computers with crypto-stealing malware. The fake companies were registered under business names and even had rental properties associated with their registration. Three businesses have been identified, including Blocknovas, Softglide, and Angeloper Agency.

This forms a sophisticated attack that incorporates elements of social engineering to lure potential targets into spreading crypto-stealing malware. Angeloper Agency was the one business that was not registered as a legal entity. The other two firms, Blocknovas and Softglide, were registered. The FBI seized Blocknovas’ website and stated that North Korean hackers created the site, which used fake job postings to distribute malware.

The shell companies, Blocknovas, Angeloper, and Softglide, spread malware through fake job interviews. An extensive network of job postings was used to lure people into clicking on the website. Two of the companies, Blocknovas and Softglide, were registered as legal companies, thus making it easy for the fake recruiters to post job vacancies on third-party websites. The job postings targeted crypto developers. During the signup process, an error message occurred, requiring a manual fix, which then allowed the malware to be installed. 

Three types of Malware were used for the attack. These include BeaverTail, Invisible Ferret, and Otter Cookie. BeaverTail is used to steal information and to pave the way for further malware attacks. InvisibleFerret and OtterCookie are used to steal crypto keys and copy clipboard data. Blocknovas was the primary website for the attack. Most of the job applicants went through this website. This is why the FBI seized the Blocknovas site and warned visitors about what the site was doing.

American officials claim that the hack forms a broader pattern of North Korean hackers stealing funds to raise hard currency. The hackers are stealing cryptocurrency because the proceeds can be easily anonymized. The hackers, further, need hard currencies to fund their nuclear programmes in North Korea. The strategy has been very successful, with many large-scale attacks occurring regularly.

North Korea, allegedly, has dispatched thousands of IT workers to collect as much funding as possible to finance their expensive nuclear weapons research and development programme. The Office of Foreign Assets Control (OFAC) sanctioned North Korea for developing nuclear weapons. Any American business that works with North Korea is breaching the OFAC sanctions. Crypto investors, meanwhile, have just another security concern to contend with. Cryptocurrencies are very effective at sending funds across borders. Unfortunately, the exact mechanisms that can secure funds can also be used to secure a hacker’s stolen funds. There may be a greater demand for security experts in the crypto field to address the growing number of security breaches occurring.