North Korean Hackers Set Up Fake U.S. Businesses to Target Cryptocurrency Developers



A recent cybersecurity investigation has revealed that North Korean cyber operatives created two U.S.-registered companies, Blocknovas LLC and Softglide LLC, in direct violation of U.S. Treasury sanctions. According to researchers at Silent Push, a U.S. cybersecurity firm, the companies were set up to deliver malware to cryptocurrency developers under the cover of fake job offers. The findings, reported by Reuters, underscore the increasingly sophisticated methods North Korean hackers use to target individuals working in the cryptocurrency sector.

The two companies, registered in New Mexico and New York, were listed under false identities and addresses. Silent Push’s researchers identified the entities as part of an ongoing campaign by the Lazarus Group, a well-known North Korean hacker collective. The group’s activities are coordinated through the Reconnaissance General Bureau (RGB), Pyongyang’s primary foreign intelligence agency. According to Reuters, this marks a rare instance of North Korean hackers using legitimate U.S. corporate structures to carry out cyberattacks, a tactic designed to bypass detection and exploit unsuspecting job seekers.

The campaign lured cryptocurrency developers into fake job interviews that ultimately led to malware infections. The malware is designed to steal sensitive information such as wallet credentials and passwords, and the stolen access can then be used to compromise the legitimate businesses the developers work for. Silent Push said Blocknovas was the most active of the three front companies it tied to the campaign, a finding that has caused significant concern within the cybersecurity community.

The FBI seized the Blocknovas domain after linking it to the distribution of malicious software. The agency said the action reflects its focus on curbing North Korean cyber operations, which it regards as one of the most advanced and persistent threats to U.S. cybersecurity.

These efforts are part of North Korea's broader strategy of exploiting the global cryptocurrency market to fund its regime. The creation of fraudulent U.S. businesses by North Korean operatives not only violates international sanctions but also highlights how state-sponsored cyber operations continue to evolve, and their potential to disrupt critical industries.