North Korean Hackers Pose as US Firms to Launch Crypto Attacks on Developers

North Korea’s state-backed hackers reportedly disguised themselves as American businesses in an elaborate cyber campaign targeting crypto developers, according to a Friday report by Reuters.

The scheme involved setting up front companies such as Blocknovas LLC and Softglide LLC using fake identities and addresses located in New Mexico and New York. A third entity, Angeloper Agency, was associated with the operation but lacked official registration records in the US.

FBI Intervenes as Lazarus Group Escalates Cyber Warfare

US cybersecurity firm Silent Push attributed the effort to a subgroup of the Lazarus Group, a hacking collective controlled by North Korea’s Reconnaissance General Bureau. The FBI has taken action by seizing Blocknovas’ domain, confirming it was part of an extensive malware campaign.

Hackers reportedly lured developers with fake job opportunities, using interviews to install malicious software capable of hijacking wallet data and developer credentials.

Public documents revealed Blocknovas was registered at a vacant South Carolina lot, while Softglide’s listed address traced back to a Buffalo tax office. Silent Push flagged Blocknovas as the most active entity, with several successful intrusions recorded.

These operations violate multiple US sanctions and UN mandates aimed at halting North Korea’s foreign revenue streams used to support weapons development.

Crypto Exploits Fuel North Korea’s Military Goals

This latest revelation sheds more light on North Korea’s covert use of crypto theft and IT infiltration to support its weapons program. Alongside direct hacking attempts, the regime has dispatched thousands of IT professionals abroad who secretly remit earnings to fund military operations.

The country’s reliance on stolen crypto has been well documented, including its involvement in the $600M Axie Infinity hack. These funds are widely believed to contribute to North Korea’s ballistic missile ambitions, according to US and international security reports.
