North Korea Created Fake US Companies to Hack Crypto Developers, Report Reveals

A new investigation has uncovered how North Korean cyber operatives formed bogus American firms to gain access to crypto developers and their assets. As reported by Reuters, these activities form part of a larger effort to circumvent US and UN sanctions.

Security researchers at Silent Push identified two shell companies—Blocknovas LLC and Softglide LLC—registered under false names and addresses in the US, along with a third unregistered group, Angeloper Agency.

FBI Seizes Website, Links Campaign to Lazarus Group

This sophisticated malware scheme was traced back to a faction within the infamous Lazarus Group, operated by Pyongyang’s foreign intelligence bureau. The FBI seized Blocknovas’ domain on Thursday in an attempt to shut down the malware distribution infrastructure.

The attackers reportedly impersonated recruiters offering job interviews to unsuspecting developers, convincing them to download malware that harvested wallet access and sensitive credentials.

Documents show Blocknovas’ US address belonged to an empty plot in South Carolina, while Softglide’s location led to a tax office in New York. Silent Push confirmed that Blocknovas had already infected several targets.

These acts breach US Treasury OFAC sanctions and UN resolutions designed to stop North Korea’s military financing through overseas shell firms.

Cybercrimes Play Growing Role in Pyongyang’s Arms Financing

The report adds to the growing evidence that North Korea is actively using cryptocurrency theft and covert IT operations to fund its military and nuclear programs.

Beyond hacking, the country has reportedly deployed IT contractors abroad who send home earnings disguised as freelance payments. The cumulative funds from these operations are thought to directly support the development of ballistic missiles and nuclear technologies.

The Axie Infinity attack in 2022 was among the largest examples of this strategy, and with tactics growing more sophisticated, Western authorities are increasing efforts to monitor and disrupt North Korea’s digital operations.
