North Korean Hackers Set Up US Companies To Target Crypto Developers
North Korean hackers linked to the Lazarus Group have quietly established two companies in the United States as part of a campaign to infiltrate the cryptocurrency sector, cybersecurity firm Silent Push has revealed.
The firms, BlockNovas LLC and SoftGlide LLC, were registered in New Mexico and New York, respectively, and served as fronts to deliver malware to unsuspecting developers in the crypto industry.
Fake Firms, Real Threats Behind Corporate Fronts
Using forged identities and fake addresses, the attackers created the illusion of legitimate US-based businesses.
Silent Push researchers say the operation was led by a subgroup within Lazarus known as “Contagious Interview.”
The group set up a third fake company, Angeloper Agency, which was not registered in the US but was tied to the same malware distribution effort.
What makes the case especially alarming is that these entities weren’t just website facades — they were formally incorporated using fabricated data, with entire fake teams built using AI-generated employee profiles.
Source: Silent Push
"Mehmet Demir" is a fabricated persona created on LinkedIn, with his work experience listing two of the shell companies, adding a layer of legitimacy to the operation. (Source: Silent Push)
How Malware Was Spread Through Job Interview Traps
The campaign relied heavily on fraudulent job interview tactics.
Developers searching for roles in the crypto space were lured with fake job offers from these shell companies.
Once contact was established, malware was sent under the guise of job-related materials.
The goal was to steal wallet credentials and sensitive data that could allow follow-up attacks on crypto platforms.
Silent Push has linked domains such as `blocknovas[.]com`, `apply-blocknovas[.]site`, and `lianxinxiao[.]com` to the operation, suggesting a network of coordinated infrastructure designed to mimic legitimate recruitment sites.
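The domains above are the kind of indicator a defender turns into a watchlist. The following script is an added example, not code from Silent Push or from the article: it refangs the defanged domains listed in the report, then scans a handful of constructed DNS-resolver and web-proxy log lines (sample data, not real traffic) for exact matches or subdomains of those hosts, while ignoring look-alike names that merely end in the same string.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Domains named in the Silent Push report, in the defanged form the article uses.
DEFANGED_INDICATORS = [
    "blocknovas[.]com",
    "apply-blocknovas[.]site",
    "lianxinxiao[.]com",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'hxxp://...') into a plain hostname."""
    host = indicator.strip().lower()
    host = host.replace("[.]", ".").replace("(.)", ".")
    host = re.sub(r"^hxxps?://", "", host)
    return host.rstrip("/")


def build_watchlist(indicators: Iterable[str]) -> Set[str]:
    """Normalise every indicator once so log scanning can compare hostnames directly."""
    return {refang(i) for i in indicators}


def host_matches(host: str, watchlist: Set[str]) -> Optional[str]:
    """Return the indicator that host equals or is a subdomain of, else None.

    The leading '.' in the endswith check is what stops 'notblocknovas.com'
    from matching 'blocknovas.com'.
    """
    host = host.lower().rstrip(".")
    for indicator in watchlist:
        if host == indicator or host.endswith("." + indicator):
            return indicator
    return None


# Constructed sample log lines (not from the article): DNS-resolver style entries
# carry a query= field, proxy style entries carry a url= field.
SAMPLE_LOGS = [
    "dns client=10.0.5.17 query=www.blocknovas.com type=A",
    "proxy client=10.0.5.17 url=https://apply-blocknovas.site/jobs/senior-dev",
    "dns client=10.0.5.22 query=github.com type=A",
    "proxy client=10.0.5.31 url=http://lianxinxiao.com/interview/assessment.zip",
    "dns client=10.0.5.22 query=notblocknovas.com type=A",
]

# Pull the hostname out of either a query= field or the authority part of a url= field.
HOST_RE = re.compile(r"(?:query=|url=https?://)([^\s/:]+)")
CLIENT_RE = re.compile(r"client=(\S+)")


@dataclass
class Hit:
    client: str
    host: str
    indicator: str
    line: str


def scan_logs(lines: Iterable[str], watchlist: Set[str]) -> List[Hit]:
    """Return one Hit per log line whose hostname falls under a watchlisted domain."""
    hits: List[Hit] = []
    for line in lines:
        m = HOST_RE.search(line)
        if not m:
            continue
        host = m.group(1)
        indicator = host_matches(host, watchlist)
        if indicator is None:
            continue
        c = CLIENT_RE.search(line)
        hits.append(Hit(c.group(1) if c else "?", host, indicator, line))
    return hits


if __name__ == "__main__":
    wl = build_watchlist(DEFANGED_INDICATORS)
    for h in scan_logs(SAMPLE_LOGS, wl):
        print(f"{h.client} -> {h.host} (matches {h.indicator})")
```

Against the sample lines this reports three hits (the `www.` subdomain, the exact `apply-blocknovas.site` request and the download from `lianxinxiao.com`) and nothing for `notblocknovas.com`. In practice the watchlist would be fed from a threat-intelligence source rather than hard-coded, and the regex adjusted to the field names of the resolver or proxy actually in use.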
A Familiar Playbook With Billion-Dollar Results
This latest campaign fits a pattern seen in previous high-profile breaches.
The Lazarus Group is known for targeting individuals through fake employment lures.
In 2021, a similar strategy was used to infiltrate Sky Mavis, resulting in the $625 million Ronin Bridge hack.
In 2022, another job-based deception led to a $100 million theft from Harmony’s Horizon Bridge.
Since 2017, Lazarus-linked operations have stolen over $3 billion in cryptocurrency, according to estimates from the United Nations and blockchain analytics firm Chainalysis.
These campaigns have become a go-to method for North Korea’s state-sponsored cyber units.
How Were These Companies Registered Without Detection?
The attackers used forged personal details and deepfake-style profile images to register the companies and build corporate websites.
According to Kasey Best, director of threat intelligence at Silent Push,
“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the US in order to create corporate fronts used to attack unsuspecting job applicants.”
The scale and ambition of this operation highlight the evolving tactics used by North Korean cyber units to stay ahead of detection and regulatory scrutiny, leveraging the credibility of US incorporation to gain trust from crypto professionals around the world.