Particle.news

North Korean Hackers Used U.S. Shell Companies to Target Crypto Developers

The FBI has seized domains linked to Blocknovas LLC and Softglide LLC, fronts for malware campaigns orchestrated by a Lazarus Group subgroup to steal cryptocurrency and credentials.

Image caption: A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration

Overview

  • North Korean hackers registered fake U.S. companies, Blocknovas LLC and Softglide LLC, using false identities and addresses to target cryptocurrency developers.
  • The operation, tied to the Lazarus Group under North Korea’s Reconnaissance General Bureau, used fake job postings and interviews to deploy malware.
  • Silent Push cybersecurity researchers confirmed multiple victims, with Blocknovas identified as the most active front in the campaign.
  • The FBI seized the Blocknovas domain, citing its use in distributing malware and violating U.S. Treasury and U.N. sanctions against North Korean commercial activity.
  • This campaign highlights North Korea's evolving strategy to exploit the crypto sector for funding its government and nuclear missile programs.