The Reveal Platform
Intel Name: Crypto wasted: bluenoroff’s ghost mirage of funding and jobs
Date of Scan: October 30, 2025
Impact: Medium
Summary: BlueNoroff (also known as APT38, Sapphire Sleet, and TA444) — a financially motivated North Korean threat group — continues its SnatchCrypto operation, targeting blockchain developers and Web3 executives. The group has evolved its tactics with new infiltration methods and malware families. Recent campaigns, GhostCall and GhostHire, use fake investment and job offers to trick victims in the crypto and blockchain sector, aiming to steal digital assets and sensitive credentials.
