North Korean cyber spies created two businesses in the U.S., in violation of Treasury sanctions, to infect developers working in the cryptocurrency industry with malicious software, according to cybersecurity researchers and documents reviewed by Reuters.
The companies, Blocknovas LLC and Softglide LLC, were set up in the states of New Mexico and New York using fake personas and addresses, researchers at Silent Push, a U.S. cybersecurity firm, told Reuters. A third business, Angeloper Agency, is linked to the campaign but does not appear to be registered in the United States.
“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S. in order to create corporate fronts used to attack unsuspecting job applicants,” said Kasey Best, director of threat intelligence at Silent Push.
The hackers are part of a subgroup within the Lazarus Group, an elite team of North Korean hackers which is part of the Reconnaissance General Bureau, Pyongyang’s main foreign intelligence agency, Silent Push said.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
A Russian state-backed hacking group is executing one of the most far-reaching cyber espionage campaigns ever seen, infiltrating critical infrastructure across multiple continents by exploiting vulnerabilities in IT management software.
The operation, attributed to the notorious Russian threat actor Seashell Blizzard, has compromised high-profile targets in energy, telecommunications, defense, and government sectors, including in the US, Canada, Australia, and the UK, Microsoft said in a report.
The software major has warned that the scale and persistence of these attacks pose an immediate and severe risk to global cybersecurity.
“Active since at least 2021, this subgroup within Seashell Blizzard has leveraged opportunistic access techniques and stealthy forms of persistence to collect credentials, achieve command execution, and support lateral movement that has at times led to substantial regional network compromises,” Microsoft said in the report.
Seashell Blizzard’s activities align with those tracked by other security vendors under various names, including BE2, UAC-0133, Blue Echidna, Sandworm, PHANTOM, BlackEnergy Lite, and APT44.
Russian cyber warfare expands beyond Ukraine
The hacking subgroup, tracked as the “BadPilot campaign,” has been active since at least 2021, originally focusing on Ukraine and Europe. Microsoft reports that the operation has now extended its reach into North America, Central Asia, and the Middle East.
“The geographical targeting to a near-global scale expands Seashell Blizzard’s operations beyond Eastern Europe,” said the report.
Seashell Blizzard, linked to Russia’s Military Intelligence Unit 74455 (GRU), has a long history of cyberespionage and destructive cyberattacks aligned with Kremlin interests.
This latest campaign demonstrates the group’s growing sophistication in leveraging stealth tactics and opportunistic access methods to gain control of high-value networks.