Saturday, April 26, 2025

North Korean crypto-theft campaign targeted developers using fake firms, security firm says

A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. [REUTERS]
North Korea allegedly established fake companies in the United States to target cryptocurrency developers as part of a broader cyber strategy to fund its operations through hacking and cybercrime, according to a report Thursday.

U.S. cybersecurity firm Silent Push alleged that North Korean hackers registered two shell companies — Softglide in New York and Blocknovas in New Mexico — as fronts for cyber operations, according to Reuters on Thursday.

Silent Push stated that the names listed on the company registration documents were fictitious, with false identities and fake addresses used in the filing process. The registered address for Blocknovas turned out to be an empty lot, while Softglide was reportedly registered via a small tax office in New York rather than by the founder directly.

Both entities are believed to have been created by subgroups of North Korea’s notorious Lazarus Group, a hacking organization linked to the regime.

“These attacks utilize fake personas offering job interviews, which lead to sophisticated malware deployments in order to compromise the cryptocurrency wallets of developers, and they also target the developers’ passwords and credentials which could be used to further attacks on legitimate businesses,” said Kasey Best, director of threat intelligence at Silent Push.

The hackers reportedly posted fake job listings through these crypto-themed front companies, luring in developers with job offers or mock interviews during which malware was delivered.

Silent Push was able to confirm multiple victims of the campaign, “specifically via Blocknovas, which is by far the most active of the three front companies,” Best said, adding “this is a rare example of North Korean hackers actually managing to set up legal corporate entities in the United States in order to create corporate fronts used to attack unsuspecting job applicants.”

While the FBI did not explicitly name the companies, it posted a notice on the Blocknovas website, saying the domain was seized “as part of a law enforcement action against North Korean Cyber Actors who utilized this domain to deceive individuals with fake job postings and distribute malware.”

Another FBI official emphasized that the bureau continues “to focus on imposing risks and consequences, not only on the North Korean actors themselves, but anybody who is facilitating their ability to conduct these schemes.”

Reuters reported that this incident illustrates how North Korea is expanding its crypto-focused fundraising strategies. In addition to cyberattacks, the regime is known to send thousands of IT workers abroad to generate revenue for its nuclear and missile programs.

BY LEE HAY-JUNE [lim.jeongwon@joongang.co.kr]
The Korea Daily
The Korea Daily (미주중앙일보) is the largest Korean media outlet in the U.S.