North Korean hackers set up U.S. firms to target crypto developers
25/4/2025 6:26
North Korean cyber spies created two businesses in the U.S., in violation of Treasury sanctions, to infect developers working in the cryptocurrency industry with malicious software, according to cybersecurity researchers and documents reviewed by Reuters.
The companies, Blocknovas LLC and Softglide LLC, were set up in the states of New Mexico and New York using fake personas and addresses, researchers at Silent Push, a U.S. cybersecurity firm, told Reuters. A third business, Angeloper Agency, is linked to the campaign, but does not appear to be registered in the United States.
“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S. in order to create corporate fronts used to attack unsuspecting job applicants,” said Kasey Best, director of threat intelligence at Silent Push.
The hackers are part of a subgroup within the Lazarus Group, an elite team of North Korean hackers which is part of the Reconnaissance General Bureau, Pyongyang’s main foreign intelligence agency, Silent Push said.
The FBI declined to comment specifically on Blocknovas or Softglide. But on Thursday an FBI seizure notice posted to the website for Blocknovas said the domain was seized “as part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware.”
Ahead of the seizure, FBI officials told Reuters that the bureau continues “to focus on imposing risks and consequences, not only on the DPRK actors themselves, but anybody who is facilitating their ability to conduct these schemes.”
One FBI official said North Korean cyber operations are “perhaps one of the most advanced persistent threats” facing the United States.
North Korea's mission to the United Nations in New York did not immediately respond to a request for comment.
“These attacks utilize fake personas offering job interviews, which lead to sophisticated malware deployments in order to compromise the cryptocurrency wallets of developers, and they also target the developers' passwords and credentials which could be used to further attacks on legitimate businesses,” Best said.
Silent Push was able to confirm multiple victims of the campaign, “specifically via Blocknovas, which is by far the most active of the three front companies,” the researchers said in a report shared with Reuters ahead of publication.
SANCTIONS
Reuters reviewed registration documents for Blocknovas and Softglide filed in New Mexico and New York, respectively. Reuters was unable to locate the persons named in the registration documents.
Blocknovas' registration listed a physical address in Warrenville, South Carolina, that appears on Google Maps to be an empty lot. Softglide appears to have been registered by a small tax office in Buffalo, New York.
The activity represents the continuing evolution of the sprawling North Korean effort to target the cryptocurrency sector in a bid to raise cash for the North Korean government.
In addition to stealing foreign currency via hacks, North Korea has dispatched thousands of IT workers overseas to bring in millions to finance Pyongyang's nuclear missile programme, according to the United States, South Korea and the United Nations.
The presence of a North Korean-controlled company, registered by the RGB, in the United States is a violation of Office of Foreign Assets Control sanctions. OFAC is part of the Treasury Department. It also violates United Nations sanctions that prohibit North Korean commercial activity designed to assist the isolated country’s government or military.
The New York Department of State told Reuters it does not comment on companies registered in the state. The New Mexico secretary of state’s office told Reuters in an email on Thursday that the company was registered in the state's online Domestic LLC system. "The filing was in compliance with state statute, using a registered agent, and there would be no way our office would know its connection to North Korea," an office representative said.
The hackers sought to infect applicants for fake jobs with at least three strains of known malware previously linked to North Korean cyber operations. The malware linked to the campaign by Silent Push can be used to steal information, facilitate access to networks and load additional forms of malware.