Experts from the Silent Push group have uncovered a network of three fake companies used by hackers from the Contagious Interview group to carry out criminal activities. The perpetrators lured victims with job offers, spreading malicious software.
This is reported by Finway.
Two of the three firms were registered in the United States. According to the available information, the hackers, who are likely linked to the North Korean government, set up three shell crypto companies to carry out breaches: BlockNovas LLC, SoftGlide LLC, and Angeloper Agency. The first two are registered in New Mexico and New York.
Operational Scheme and Attack Methods
According to the report, the scheme is run by the Contagious Interview group, which has ties to the Lazarus Group. The perpetrators use fake identities, fictitious addresses, and generated images to create the appearance of a real business. The main targets are developers in the crypto sphere, whom the group finds through advertisements on GitHub and job search websites.
Experts pointed out that hackers use various types of malware, such as BeaverTail, InvisibleFerret, and OtterCookie. The exact number of victims remains unknown; however, according to chief analyst Zack Edwards, some of them are public figures.
Methods of Malware Distribution
Edwards also described one of the ways the malware spreads. While filling out a form, the victim is asked to record a video, encounters an error, and is offered a “fix” that has to be entered into the command line. Running it leads to data theft.
“The Federal Bureau of Investigation (FBI) has blocked access to the BlockNovas site, as confirmed by a placeholder when attempting to visit the page,” the expert reported.
Earlier, analysts from the Google Threat Intelligence Group (GTIG) reported that North Korean hackers had targeted companies in Europe, posing as IT workers to gain access to corporate data.