Tuesday, January, 21, 2025

Crypto Malware Alert: North Korean Hackers Registered U.S. Companies to Launch Attacks


Anny Sam

Anny is a skilled crypto writer, delivering clear, engaging content that simplifies complex blockchain concepts for a broad audience.
  • North Korean hackers legally formed U.S. companies to target crypto developers.
  • Malware was spread through fake job postings and interviews.
  • The campaign violated U.S. and U.N. sanctions and compromised multiple victims.

North Korean hackers have taken crypto-related cyberattacks to a new level. For the first time, they legally set up companies in the United States to run operations against cryptocurrency developers. Two firms, Blocknovas LLC and Softglide LLC, were formed using fake names and addresses, one registered in New Mexico and the other in New York.

The goal was simple but dangerous: infecting cryptocurrency developers with malware. The attackers used fake recruiter profiles to pose as prospective employers and sent job seekers malicious files disguised as interview documents. Once opened, the malware compromised the victim's machine and stole confidential data such as credentials and cryptocurrency wallet keys.

The cybersecurity company Silent Push uncovered the scheme. It attributed the activity to a subgroup of Lazarus, the umbrella for hacking units tied to North Korea's military intelligence agency. Researchers also linked a third entity, Angeloper Agency, to the campaign, although that one was not registered in the United States.

On paper the companies looked legitimate. Blocknovas' filings listed a South Carolina address that turned out to be a vacant lot. Softglide listed an address tied to a small tax firm in Buffalo. Neither state flagged the filings.

The companies completed state-level registration and used legal representatives, so the paperwork itself raised no alarms. Behind it, however, stood a sanctioned state actor. The move marks a shift in North Korea's cyber strategy: U.S.-registered shell companies gave the hackers a layer of legitimacy that fake recruiter profiles alone could not.

That legitimacy let them stay inconspicuous and avoid detection in the early stages of the campaign. Silent Push said the approach gave the attackers the fastest route to U.S.-based victims. The Federal Bureau of Investigation has since seized the Blocknovas website, which now displays a notice about its connection to cybercrime. The FBI did not elaborate, but representatives confirmed that they are actively addressing North Korean cyber threats.

Victims Targeted Through Blocknovas

The campaign violates U.S. Department of the Treasury sanctions and United Nations restrictions on North Korea. Silent Push linked the companies to North Korea's Reconnaissance General Bureau.

This branch of the military oversees most of the country's cyber operations. The malware behind the attack was not new; it had been used in earlier North Korean campaigns.

The tooling gave the attackers remote access, data theft, and a foothold from which to move further into otherwise protected networks. Silent Push confirmed that a number of victims were compromised via Blocknovas. The attack illustrates the growing audacity of North Korean cyber campaigns. It also exposes a weakness in business registration systems: a state filing confirms that a company exists, not that the people behind it are who they claim to be, and a job seeker or developer who checks only the registry will be reassured by exactly the signal the attackers manufactured.
