North Korean Hackers Use Fake U.S. Companies to Spread Malware in Crypto Industry: Report

BY admin user

North Korean hackers reportedly established seemingly
legitimate companies on U.S. soil to infiltrate the crypto sector, targeting
unsuspecting developers through fake job offers.

With legal registrations, corporate fronts, and social
engineering, the attackers concealed their true identities behind American
business facades to deliver malware until the FBI stepped in, according to security firm Silent Push, as quoted by the Japanese Times.

Corporate Fronts, Empty Lots, Real Threats

According to security firm Silent Push, two companies,
Blocknovas and Softglide, were registered in New Mexico and New York using
fabricated addresses and identities. These shell firms served as lures for
crypto developers seeking job opportunities.

Blocknovas, the more active of the two, listed a South
Carolina address that turned out to be an empty lot. Softglide’s paperwork
linked back to a Buffalo-based tax office.

The fake firms formed part of an advanced campaign by
a subgroup of the Lazarus Group, a state-sponsored cyber unit linked to North
Korea’s Reconnaissance General Bureau.

The hackers used fake job postings and LinkedIn-style
profiles to engage developers in interviews. During these interactions, the
victims were prompted to download files disguised as application materials or
onboarding documents.

The malware could steal data, provide backdoor access
to systems, and lay the groundwork for follow-up attacks using spyware or
ransomware. Silent Push confirmed that at least three known North Korean
malware types were used in the campaign.

FBI Moves In

Federal agents seized the Blocknovas domain, citing
its use in distributing malware. A notice now posted on the site confirms that
the action was part of broader law enforcement efforts against North Korean
cyber actors.

The FBI did not comment directly on the companies
involved but emphasized its ongoing focus on exposing and punishing DPRK-backed
cybercrime.

The scheme violates both U.S. and United Nations
sanctions. North Korea is barred from engaging in commercial activities
designed to aid its government or military. OFAC, the Treasury’s enforcement
body, prohibits North Korean-linked entities from operating within the United
States.

This campaign is part of a broader strategy by North
Korea to exploit the crypto ecosystem. The country’s cyber units have stolen billions in
digital assets and dispatched thousands of IT professionals overseas to
generate funds, efforts widely believed to support Pyongyang’s nuclear weapons
program.

This article was written by Jared Kirui at www.financemagnates.com.

Related Posts

Crypto

Arthur Hayes calls on ‘degenerates’ to celebrate as TRUMP aims for $100 billion market cap

Recently, Arthur Hayes, the co-founder and CEO of BitMEX, made a bold prediction about cryptocurrency markets. He believes that if President Trump manages to raise the United States’ GDP to $30 trilli

Crypto

DePIN needs a more cohesive narrative for mass adoption — Web3 exec

According to data from CoinMarketCap, the decentralized physical infrastructure network sector has a market capitalization of over $27 billion.

Crypto

IOTA Makes Global Waves with World Economic Forum TradeTech Partnership

The World Economic Forum selected IOTA for its Sandbox project due to its potential to transform trade systems through real-time settlement, asset tracking, etc. It will co-develop digital trade stand

Copyright © 2025 | WordPress Theme: Xews Lite