North Korean Hackers Targeting Crypto Developers With U.S. Shell Firms

Illicitly downloaded programs can steal data, provide remote access to infected systems, and serve as entry points for additional spyware or ransomware.

Apr 25, 2025, 7:15 a.m.

What to know:
• North Korean hackers created fake companies in the U.S. to target crypto developers, according to security firm Silent Push.
• The operation involved setting up two front businesses, Blocknovas and Softglide, connected to the Lazarus Group.
• The FBI seized the Blocknovas domain, citing its involvement in spreading malware through fake job postings.
North Korean hackers posing as American tech entrepreneurs registered companies in New York and New Mexico in order to target crypto developers, Silent Push said on Thursday. The two businesses, Blocknovas and Softglide, were set up using fake identities and addresses and are linked to a subgroup of the Lazarus Group. These hackers have stolen large amounts of cryptocurrency in recent years by using sophisticated techniques and social-engineering strategies against unsuspecting targets.
Kasey Best, director of threat intelligence at Silent Push, said, “This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the US in order to create corporate fronts used to attack unsuspecting job applicants.” The hackers’ playbook is deceptive yet effective: they use fake LinkedIn-style profiles and job postings to lure crypto developers into interviews, during which the candidates download malware believing it to be a job-application tool.
Silent Push identified many victims of this operation, particularly among those contacted through Blocknovas, which it says was the most active of the three fake companies. The address listed for that firm in South Carolina appears to be an empty lot, while Softglide was registered through a tax office in Buffalo, New York. The malware used in the scheme includes at least three strains previously linked to North Korean cyber units; once installed it can steal data or provide remote access to infected systems.
The FBI, per Reuters, seized the Blocknovas domain as part of a law enforcement action against North Korean cyber actors using it to deceive people with fake job postings and distribute malware.