North Korean Operatives Are Using Fake American Companies to Lure Crypto Developers

North Korean hackers have reportedly managed to create two fake companies in the U.S., slipping past Treasury Department sanctions in an effort to target crypto developers with malware. The companies, Softglide LLC and Blocknovas LLC were registered in New York and New Mexico, respectively, using fake addresses and names.

According to a Silent Push research cited by Reuters, Blocknovas was registered with an address in Warrenville, South Carolina, but when checked on Google Maps, the location turned out to be an empty piece of land. Meanwhile, Softglide’s registration is linked to a tax office based in Buffalo.

A third company, known as Angeloper Agency, is also tied to the operation, though its official registration details remain uncertain.

Silent Push’s findings suggest that the group responsible for these actions is a branch of the infamous North Korean cyber unit Lazarus Group, which is purportedly affiliated with Pyongyang’s Reconnaissance General Bureau.

Although the FBI did not make direct comments about Softglide or Blocknovas, authorities issued a seizure notice that appeared on Blocknovas’ website this past Thursday. According to the notice, North Korean cybercriminals used the site to covertly transmit malware and entice users with phony employment listings.

FBI representatives mentioned they are determined to hold North Korean hackers and anyone aiding them accountable. An official quoted in the report described North Korean cyber operations as one of the most sophisticated and persistent threats currently facing the United States.

Kasey Best, the director of threat intelligence at Silent Push, noted that the attacks often involve hackers posing as recruiters or companies offering jobs. When victims engage, malware is deployed, allowing hackers to steal crypto wallet information and login credentials.

North Korea has increasingly turned to cybercrime, especially targeting the crypto industry, to generate illicit revenue that supports its government. Experts believe North Korean hackers were behind the Bybit crypto theft which resulted in a loss of around $1.5 billion.

Previously, the UN, the U.S., and South Korean agencies warned that North Korea had dispatched thousands of IT workers overseas to fund its missile and nuclear programs.

The move to set up businesses on American soil marks a significant escalation. It breaches the Treasury Department’s Office of Foreign Assets Control (OFAC) sanctions, as well as UN restrictions, both of which forbid North Korea from conducting commercial activities intended to back its regime or military efforts.

Major companies like Riot Platforms (NASDAQ: RIOT) need to take proactive steps to keep their employees vigilant so that they don’t fall afoul of the nefarious intentions of crypto hackers and the organizations behind them.

About CryptoCurrencyWire

CryptoCurrencyWire (“CCW”) is a specialized communications platform with a focus on blockchain and the cryptocurrency sector. It is one of 70+ brands within the Dynamic Brand Portfolio @ IBN that delivers: (1) access to a vast network of wire solutions via InvestorWire to efficiently and effectively reach a myriad of target markets, demographics and diverse industries; (2) article and editorial syndication to 5,000+ outlets; (3) enhanced press release enhancement to ensure maximum impact; (4) social media distribution via IBN to millions of social media followers; and (5) a full array of tailored corporate communications solutions. With broad reach and a seasoned team of contributing journalists and writers, CCW is uniquely positioned to best serve private and public companies that want to reach a wide audience of investors, influencers, consumers, journalists and the general public. By cutting through the overload of information in today’s market, CCW brings its clients unparalleled recognition and brand awareness. CCW is where breaking news, insightful content and actionable information converge.

To receive SMS alerts from CryptoCurrencyWire, text “CRYPTO” to 888-902-4192 (U.S. Mobile Phones Only)

For more information, please visit https://www.CryptoCurrencyWire.com

Please see full terms of use and disclaimers on the CryptoCurrencyWire website applicable to all content provided by CCW, wherever published or re-published: https://www.CryptoCurrencyWire.com/Disclaimer

CryptoCurrencyWire
New York, NY
www.CryptoCurrencyWire.com
212.994.9818 Office
Editor@CryptoCurrencyWire.com

CryptoCurrencyWire is powered by IBN