
Reuters reported on Thursday that North Korean cyber spies had established two fake companies in the United States and infected cryptocurrency industry developers with malware.
According to documents obtained by Reuters from the U.S. cybersecurity firm Silent Push, the hackers set up Blocknovas LLC in New Mexico and Softglide LLC in New York, both registered using fictitious identities and false addresses. A third organization, Angeloper Agency, is also believed to be linked to this operation, although its registration in the U.S. has not been confirmed.
Kasey Best, the director of Threat Intelligence at Silent Push, stated that North Korean hackers establishing legitimate companies in the U.S. to target job-seeking developers is an unusual tactic.
Silent Push believes that a subunit of the elite hacking group Lazarus, operating under North Korea’s Reconnaissance General Bureau, likely carried out this operation.
The FBI told Reuters that it would hold accountable not only North Korea but also anyone involved in such fraudulent schemes. The FBI also announced that it had seized the Blocknovas website domain, stating it was part of legal action against North Korean cyber spies who attempted to deceive individuals with fake job postings and distribute malware.
The FBI explained that these attacks aim to spread malware through fake personas offering job interviews and to target developers’ cryptocurrency wallets. The hackers also seek to obtain personal information, such as passwords, to potentially compromise companies.
According to Silent Push, Blocknovas was the most active of the entities involved, with several confirmed victims.