Lazarus Group hackers launch massive cyberattack on cryptocurrency developers
The North Korean government-controlled hacker group Lazarus organized a sophisticated cyber operation targeting cryptocurrency developers through fictitious American companies. According to Silent Push, an analytical company, the group operated through a unit specializing in cyber espionage, creating two shell companies: Blocknovas LLC (registered in New Mexico) and Softglide LLC (in New York).
The cybercriminals offered fictitious vacancies to cryptocurrency developers. In the course of "interviews" or technical interaction, victims unknowingly installed malware that gave the attackers access to digital wallets and confidential codes that provide control over blockchain projects.
The operation was based on social engineering and a high level of technical disguise. The pages of the pseudo-firms looked plausible and appealed to modern tech startups. At the same time, their goal of stealing assets and compromising the infrastructure of blockchain companies remained unchanged.
The response from U.S. law enforcement agencies was not long in coming. The Federal Bureau of Investigation has already shut down Blocknovas' Internet resources, blocking the further spread of malicious components among crypto professionals.
This is not the first time that Lazarus Group has used fake companies to attack the cryptocurrency industry. Such actions underscore the vulnerability of even tech-savvy communities to sophisticated, multi-level cyberattacks originating from government agencies.