Overview
- North Korean hackers registered fake U.S. companies, Blocknovas LLC and Softglide LLC, using false identities and addresses to target cryptocurrency developers.
- The operation, tied to the Lazarus Group under North Korea’s Reconnaissance General Bureau, used fake job postings and interviews to deploy malware.
- Silent Push cybersecurity researchers confirmed multiple victims, with Blocknovas identified as the most active front in the campaign.
- The FBI seized the Blocknovas domain, citing its use in distributing malware and violating U.S. Treasury and U.N. sanctions against North Korean commercial activity.
- This campaign highlights North Korea's evolving strategy to exploit the crypto sector for funding its government and nuclear missile programs.