North Korean Cyber Spies Establish U.S. Businesses To Violate Treasury Sanctions
North Korean cyber spies have set up two businesses in the United States in violation of Treasury sanctions. According to cybersecurity researchers, the operators created these businesses to target cryptocurrency developers with malware.
Silent Push, a U.S. cybersecurity firm, explained that the companies, Blocknovas LLC and Softglide LLC, were registered in New Mexico and New York using fake identities and addresses. Researchers also linked a third business, Angeloper Agency, to the same operation, although it does not appear to be officially registered.
North Korean Hackers Create Fake U.S. Businesses To Steal Cryptocurrency Data
The director of threat intelligence at Silent Push stated that this case stands out as a rare example of North Korean hackers forming legal business entities in the U.S. The entities served as front companies used to lure unsuspecting job seekers.
The hackers are said to belong to a subgroup within the Lazarus Group, an elite team working under North Korea’s main foreign intelligence service, the Reconnaissance General Bureau.
The FBI declined to comment on Blocknovas or Softglide. However, an official notice posted to the Blocknovas website revealed that the FBI seized the domain because it was being used by North Korean cyber groups to post fake job ads and spread malware.
Officials emphasized that efforts continue to apply pressure not only on the hackers but also on anyone helping them operate. One FBI official described North Korean cyber threats as some of the most serious and persistent facing the United States. North Korea's mission to the United Nations did not reply to requests for a statement.
Researchers explained that the attacks rely on fake recruiter personas offering fake job interviews; the interview process is used to install malware that steals cryptocurrency wallets, passwords, and credentials from developers. The stolen information is then used to attack real businesses.
Silent Push confirmed that several victims have already been targeted, especially through Blocknovas, which has been the most active of the three companies.
North Korean Hackers Use Fake Addresses To Fund Government Activities
Registration documents showed that Blocknovas used an address in Warrenville, South Carolina, which appears to be an empty lot. Softglide was registered through a small tax office in Buffalo, New York. Researchers said they could not find the people named in the documents.
Experts observed that this operation fits into North Korea’s wider efforts to raise money for its government by attacking cryptocurrency businesses. North Korea has also been sending IT workers overseas to earn millions in foreign money, helping fund its nuclear weapons program.
Specialists explained that setting up a company tied to North Korea's intelligence services in the United States violates sanctions administered by the Office of Foreign Assets Control, part of the Treasury Department. It also breaks United Nations sanctions banning North Korean commercial activities that support its government or military.
The New York Department of State declined to comment. The New Mexico Secretary of State’s office explained that the company registration followed state rules and that there was no way to know the company’s ties to North Korea at the time.
Researchers added that the hackers used at least three strains of malware during the operation. These programs are designed to steal information, gain access to networks, and download more harmful software.