According to documents reviewed by cybersecurity researchers and Reuters, North Korean hackers have violated U.S. Treasury sanctions by establishing two companies in the United States, using malware to attack developers in the cryptocurrency industry and infiltrating their crypto wallets.
Researchers from U.S. cybersecurity firm Silent Push pointed out that these two companies, Blocknovas LLC and Softglide LLC, are located in New Mexico and New York, respectively, and were set up using false identities and addresses. Additionally, a company named Angeloper Agency is also linked to this hacking activity, but it does not appear to be registered in the United States.
Silent Push stated that these hackers belong to a subgroup of the North Korean hacking organization known as the Lazarus Group, which is affiliated with the North Korean Reconnaissance General Bureau, the country’s primary foreign intelligence agency.
The Federal Bureau of Investigation (FBI) declined to comment specifically on Blocknovas or Softglide. However, on Thursday, the FBI posted a seizure notice on the Blocknovas website, indicating that the domain was seized as part of a law enforcement action against North Korean cyber actors who used the domain to publish false job postings to deceive the public and spread malware.
This type of action demonstrates North Korea’s strategic shift towards targeting the cryptocurrency industry to raise funds. According to the United States, South Korea, and the United Nations, in addition to stealing foreign currency through hacking, North Korea has also sent thousands of IT workers overseas, generating millions of dollars annually for Pyongyang’s nuclear missile program.