A new report by cybersecurity firm Silent Push has revealed that a sub-team of the North Korean cyber-espionage group Lazarus Group has registered two shell companies, Blocknovas LLC in New Mexico and Softglide LLC in New York, under false identities.
The tactic is believed to be a deliberate attempt to circumvent international sanctions imposed by the United States Treasury Department and the United Nations.
By creating seemingly legitimate business fronts within the U.S., Lazarus Group continues to evolve its strategies for launching cyberattacks while masking its North Korean affiliations.
Fake Job Postings Lure Crypto Developers into Malware Traps
Using the shell companies as a cover, Lazarus Group operatives posted fake job offers targeting cryptocurrency developers.
These offers were specifically designed to lure unsuspecting individuals into downloading malicious software, which in turn allowed the attackers to steal sensitive information such as wallet credentials.
According to Silent Push, this method of social engineering remains one of the most effective tools in the Lazarus Group’s arsenal, as it exploits trust and professional curiosity within the crypto and tech communities.
FBI Seizes Blocknovas Domain Used for Cyber Attacks
In response to these deceptive activities, the FBI has officially seized the domain belonging to Blocknovas LLC.
Authorities confirmed that the domain was being used to distribute malware through fake employment listings.
The intervention marks another effort by U.S. law enforcement to dismantle the infrastructure supporting North Korean cyber operations.
The seizure also signals increased scrutiny of seemingly domestic operations that may be fronts for sanctioned foreign entities.
Cyber Espionage Threat Extends Beyond Wallet Theft
Kasey Best, director of intelligence at Silent Push, warns that the Lazarus Group’s goal goes beyond merely stealing digital assets.
According to Best, stolen wallet credentials can serve as entry points into larger corporate networks, where attackers may implant additional tools for long-term espionage or sabotage.
The report emphasizes that such sophisticated attacks pose serious threats to the integrity of the broader cryptocurrency ecosystem, as well as the corporate cybersecurity landscape at large.
Lazarus Group Activity Escalates With Profitable Hacks and Obfuscation Tactics
Recent developments further indicate a surge in Lazarus Group operations. The group reportedly profited $2.51 million after selling 40.78 $WBTC for 1,857 ETH, following a 13-month holding period.
Meanwhile, another scheme involved North Korean hackers posing as remote workers in UK blockchain startups to siphon sensitive data and extort money.
In another move, the group deposited 400 $ETH (~$750,000) into Tornado Cash, a privacy protocol often used to obscure illicit crypto flows.
These activities demonstrate Lazarus’s broadening scope and the growing challenges global regulators face in tracing and mitigating cybercrime from state-sponsored actors.