
[Source: Reuters]
North Korean cyber spies created two businesses in the U.S., in violation of Treasury sanctions, to infect developers working in the cryptocurrency industry with malicious software, according to cybersecurity researchers and documents reviewed by Reuters.
The companies, Blocknovas LLC and Softglide LLC, were set up in the states of New Mexico and New York using fake personas and addresses, researchers at Silent Push, a U.S. cybersecurity firm, told Reuters. A third business, Angeloper Agency, is linked to the campaign, but does not appear to be registered in the United States.
The hackers are part of a subgroup within the Lazarus Group, an elite team of North Korean hackers which is part of the Reconnaissance General Bureau, Pyongyang’s main foreign intelligence agency, Silent Push said.
The FBI declined to comment specifically on Blocknovas or Softglide. But on Thursday an FBI seizure notice posted to the website for Blocknovas said the domain was seized “as part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware.”
Ahead of the seizure FBI officials told Reuters that the bureau continues “to focus on imposing risks and consequences, not only on the DPRK actors themselves, but anybody who is facilitating their ability to conduct these schemes.”
One FBI official said North Korean cyber operations are “perhaps one of the most advanced persistent threats” facing the United States.
North Korea’s mission to the United Nations in New York did not immediately respond to a request for comment.
Silent Push was able to confirm multiple victims of the campaign, “specifically via Blocknovas, which is by far the most active of the three front companies,” the researchers said in a report shared with Reuters ahead of publication.