TECH NEWS – North Korean hackers discovered a serious blind spot in US security, exploiting cryptocurrency companies by setting up fake businesses. An Asian cybercrime group created dummy firms to spread malicious software.

A significant component of the new US political strategy has centered around emphasizing the value of cryptocurrencies. Despite the considerable debate surrounding digital currencies, endorsements from figures like Donald Trump and Javier Milei have greatly increased public interest. However, North Korea identified and exploited this rising trend, executing an ingenious cyberattack targeting Americans directly.

A few months ago, a North Korean hacker collective orchestrated a massive €1.5 billion cryptocurrency theft. According to recent information revealed by Reuters, it is now clear that the perpetrators were from the Lazarus Group, an elite branch within North Korea’s military intelligence. The hackers established several fictitious companies within the US, specifically aiming to infiltrate crypto-related businesses using diverse malware variants. Firms such as Blocknovas LLC, Softglide LLC, and Angeloper Agency were all façades.

The US Failed to Detect the Fraud

According to the original report, the North Korean hackers leveraged these fake companies to conduct fictitious job interviews, during which malware was covertly distributed. This activity violated US Treasury sanctions as well as UN regulations, compelling the FBI to take immediate action, including seizing the Blocknovas domain as part of its broader initiative against cybercrime from the Asian nation. Unfortunately, US authorities took longer than necessary to identify North Korea’s cunning strategy.

Primarily, the malware was designed to steal login credentials but also enabled network infiltration and facilitated the theft of cryptocurrency wallets. These funds supported North Korea’s nuclear missile program, while the regime also deployed technical workers internationally. Unfortunately, the US, much like Japan’s counterintelligence, failed to identify the fraudulent activity quickly, as the fake applications formally adhered to all US regulatory guidelines.

Source: 3djuegos