North Korean Cyber Spies Established Fake Companies in the U.S. to Target Crypto Developers - PRESS AI WORLD

Credited from: INDIATIMES

  • North Korean hackers created two U.S. companies using fake identities to infect crypto developers with malware.
  • Blocknovas LLC and Softglide LLC were established in New Mexico and New York, violating Treasury sanctions.
  • The FBI has seized domains associated with the fake firms as part of ongoing investigations into North Korean cyber operations.

North Korean cyber spies created two firms in the United States, violating Treasury sanctions, to infect developers in the cryptocurrency sector with malicious software. The companies, Blocknovas LLC and Softglide LLC, were registered in New Mexico and New York using fabricated identities and addresses, according to researchers at Silent Push, a U.S.-based cybersecurity firm. Another entity, Angeloper Agency, is also linked to the operation but is not registered within the United States, according to Reuters, India Times, and South China Morning Post.

Researchers revealed that these businesses were set up by hackers affiliated with the elite Lazarus Group, a collective of North Korean hackers linked to the country's foreign intelligence agency, the Reconnaissance General Bureau. Kasey Best, director of threat intelligence at Silent Push, emphasized that this operation marks a unique case of North Korean hackers successfully establishing legitimate corporate structures within the U.S. to conduct their operations, according to Reuters and India Times.

Following investigations, the FBI issued a seizure notice for Blocknovas, confirming it was involved in deceptive job postings and malware distribution targeting cryptocurrency developers. The FBI has underscored its commitment to countering North Korean cyber threats, describing them as "perhaps one of the most advanced persistent threats" to the United States, as reported by Reuters and South China Morning Post.

The operations conducted by these North Korean entities represent a broader tactic of targeting the cryptocurrency industry to generate revenue for the regime. The United States, alongside South Korea and the United Nations, has also stated that North Korea deploys a significant number of IT professionals overseas to aid in financing its military and nuclear programs. The establishment of these companies stands as a violation of Office of Foreign Assets Control (OFAC) sanctions as well as United Nations mandates against North Korean commercial activities, according to Reuters, India Times, and South China Morning Post.

Silent Push confirmed that the hackers targeted job applicants with counterfeit job offers that led to the installation of malware capable of stealing valuable information, thereby facilitating further attacks on the cryptocurrency sector. The locations registered for Blocknovas and Softglide appear to be nonexistent or dubious, with Blocknovas listed at an empty lot in South Carolina and Softglide registered through a small tax office in Buffalo, New York, according to Reuters and South China Morning Post.
