North Korean hackers posing as American tech entrepreneurs secretly registered companies in New York and New Mexico to infiltrate the crypto industry, cybersecurity firm Silent Push revealed Thursday.
Two fake firms—Blocknovas and Softglide—were incorporated using fabricated identities and addresses, part of a broader campaign linked to the Lazarus Group, a notorious North Korean cybercrime syndicate. Silent Push described it as a rare case of hostile foreign actors establishing legitimate corporate entities on U.S. soil to disguise malicious intent.
“These corporate fronts were designed to lure unsuspecting job applicants and compromise their systems,” said Kasey Best, Silent Push’s director of threat intelligence.
The scheme involved creating convincing LinkedIn-style profiles and fake job listings. Developers drawn into the interview process were then tricked into downloading malware disguised as application tools. Blocknovas was reportedly the most active of the fronts, despite its registered address being an empty lot in South Carolina. Softglide, meanwhile, was linked to a tax office in Buffalo.
Silent Push discovered malware in the campaign tied to previously known North Korean virus strains, capable of data theft, remote access, and secondary attacks such as ransomware deployment.
The FBI has since seized the Blocknovas domain. According to a notice posted on the site, it was taken down as part of a law enforcement action targeting North Korean actors who used the site to distribute malware and mislead job seekers.
The incident highlights North Korea’s continued reliance on cyberattacks to fund its regime, especially through illicit access to crypto assets, which has led to billions in losses across the industry.