North Korea has once again made headlines for breaching US Treasury sanctions through an audacious cyber scheme. According to the US cybersecurity firm Silent Push, North Korean spies set up three companies, Blocknovas LLC, Softglide LLC, and Angeloper Agency, using fake personas and addresses. The findings expose the regime's brazen attempt and reinforce its reputation for deceptive cyber operations.

Silent Push found that two of the companies, Blocknovas LLC and Softglide LLC, were set up in New Mexico and New York, respectively. Angeloper Agency, meanwhile, is not registered in the US. These companies have been accused of infecting developers working in the cryptocurrency industry with malware. Kasey Best, the director of threat intelligence at Silent Push, stated:

“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S. in order to create corporate fronts used to attack unsuspecting job applicants.” 

About the modus operandi of the spies, the director remarked:

“These attacks utilize fake personas offering job interviews, which lead to sophisticated malware deployments in order to compromise the cryptocurrency wallets of developers, and they also target the developers’ passwords and credentials, which could be used to further attacks on legitimate businesses.”

Buzz of Cyber Warfare

The US cyber agency alleges that the Reconnaissance General Bureau, North Korea’s main foreign intelligence agency, is backing this spy group. Silent Push found that the spies are a subgroup of the Lazarus Group, the apex North Korean hacking group.

Although the Federal Bureau of Investigation (FBI) declined to comment on these two companies, the bureau seized Blocknovas, stating in its notice that it acted:

“As part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware.”

In the contemporary world of hybrid warfare, this kind of cyber espionage operation is not unusual. The US Cybersecurity and Infrastructure Security Agency (CISA) also found in its annual overview of North Korea’s cyber threat that the regime’s cyber program has become sophisticated and agile. It also stated that North Korean cyber attackers have matured and that cryptocurrency-related attacks are likely to happen in their ongoing cyber campaign.