North Korean Cyber Spies Set Up US Companies to Target Cryptocurrency Industry

In a growing effort to bypass international sanctions, North Korean cyber operatives have allegedly set up companies in the United States to support their malware campaigns. A detailed investigation by Reuters, in collaboration with cybersecurity researchers from Silent Push, reveals that two of these entities, Blocknovas LLC and Softglide LLC, were established using fake identities in order to distribute malware to individuals working in the cryptocurrency sector. The scheme highlights North Korea's escalating involvement in cybercrime, which it uses not only for illicit gains but also to fund its missile and weapons programs.

The two companies, based in New Mexico and New York, were registered using fabricated personal details and false addresses. Blocknovas was listed in New Mexico, with its registered address pointing to an empty lot, while Softglide was registered through a small tax office in Buffalo, New York. Despite their fraudulent registrations, both companies were connected to North Korea's Lazarus Group, a hacking collective tied to the country's intelligence service, the Reconnaissance General Bureau (RGB). A third entity, Angeloper Agency, is believed to be part of the same network, though its U.S. registration status is unclear.

This scheme is another indication of North

The Scope of North Korea’s Cyber Operations

North Korea's cyber strategy goes far beyond hacking for financial gain. For years, reports from the United States, South Korea, and the United Nations have outlined how the nation uses cybercrime to fund its nuclear weapons program. Silent Push's research suggests that North Korean hackers are not only stealing cryptocurrency; they are also posing as employers to lure people in the tech industry, who then unwittingly help the operation by installing its malware.

Kasey Best, director of threat intelligence at Silent Push, notes that this operation represents a rare example of North Korean hackers setting up legally registered U.S. companies as fronts for cyberattacks. The companies not only provided infrastructure for distributing the malware but also served as a vehicle for deception: a registered business with a corporate web presence made the fake job postings credible, and applicants who trusted them were tricked into downloading harmful software.

What Undercode Says: North Korea’s Growing Cyber Power and Its Implications

The revelation that North Korean cyber operatives created U.S.-based companies as fronts for their operations sheds light on the sophistication of the nation's cyber programs. For years, cybersecurity experts have warned about the threat posed by North Korean cyber operations, which many rank among the most advanced and persistent in the world.

The use of corporate entities as cover for cybercrime is a significant development in the ongoing arms race between state-sponsored hackers and defenders. By registering companies in the United States, North Korea has found a way to work around sanctions, evading scrutiny and making it harder for enforcement agencies to track its activities. This approach not only undermines the legal systems that sanctions depend on but also shows how state-backed attackers can exploit even routine, trusted institutions such as business registries.

Moreover, North Korea's Lazarus Group is no ordinary hacking collective. Operating as an arm of the country's military intelligence apparatus, the group has been held responsible for some of the most high-profile cyberattacks in recent years, including the WannaCry ransomware outbreak in 2017. Its operations are methodical, highly targeted, and often focused on industries that can provide significant financial returns, such as the cryptocurrency sector. By using fake job postings to lure potential victims into downloading malware, the group gains access to sensitive personal and financial data and to the systems of the people it targets, which can then be monetized or used to advance Pyongyang's geopolitical agenda.

Additionally, the FBI's seizure of the domain associated with Blocknovas illustrates the growing collaboration between private cybersecurity firms and government agencies. By publicly identifying these threats and disrupting them through legal means, authorities are sending a clear message that such operations will be pursued. However, the fact that these operations keep evolving means that the struggle against them is far from over, and it underlines the need for constant vigilance and better tools to track and disrupt such activity.

While the international community continues to tighten sanctions against North Korea, these revelations are a reminder that cyber threats remain an ever-present challenge. The nation's ability to adapt and innovate in the cyber domain means that efforts to curtail its activities must be equally dynamic and coordinated.

Fact Checker Results

  1. Verification of U.S. Companies: Both Blocknovas and Softglide were confirmed to be registered in the U.S., with fabricated details in their official records, consistent with Silent Push's findings.
  2. Lazarus Group Link: Silent Push has linked the hackers behind these operations to the Lazarus Group, a known North Korean state-sponsored hacking collective.
  3. FBI Seizure of Domains: The FBI has seized the domain related to Blocknovas, underscoring the U.S. government's efforts to clamp down on North Korean cyber operations.

References:

Reported By: timesofindia.indiatimes.com