North Korea’s cyber spies have reportedly established fake businesses in the United States to infiltrate the crypto industry and dupe crypto developers. The cyber spies allegedly violated US Treasury Department sanctions and showed a growing sophistication in North Korea’s digital tactics.
North Korea’s Spies Infiltrate the Crypto Industry
Researchers from US-based cybersecurity firm Silent Push revealed that two companies, Blocknovas LLC and Softglide LLC, were legally registered in New Mexico and New York, respectively, using fabricated identities and addresses. A third entity, Angeloper Agency, was linked to the operation but did not appear to be formally registered in the US.
Kasey Best, Director of Threat Intelligence at Silent Push, described the effort as an unusual and advanced ploy. “This is a rare example of North Korean hackers successfully setting up legal entities in the US as corporate fronts to launch attacks on unsuspecting job seekers,” she said.
The cybercriminals involved are believed to be part of a specialized subgroup of the Lazarus Group, North Korea’s hacking group tied to the Reconnaissance General Bureau, Pyongyang’s main intelligence agency.
Blocknovas was the most active of the three companies, according to Silent Push, and was used to lure cryptocurrency developers with fake job opportunities. Once engaged, victims were infected with malware designed to steal sensitive credentials, passwords, and crypto wallet data, which could also enable further attacks on legitimate firms.
The FBI, which posted a seizure notice on Blocknovas’ website, confirmed that the domain was used in a broader campaign by North Korean cyber actors involving fake job postings and malware distribution. Although the FBI did not directly comment on the companies, officials reaffirmed their commitment to disrupting such threats and holding both the hackers and any facilitators accountable.
Reports suggest that Blocknovas listed a fake address in South Carolina, while Softglide was registered through a small tax office in Buffalo, New York. Both registrations seemed to abide by state procedures. This made it difficult for local officials to detect any connection to North Korea.
The incident highlights Pyongyang’s increasingly aggressive strategy to exploit the crypto industry for funds that reportedly support North Korea’s sanctioned nuclear weapons program.