Lazarus Group Sets Up US Shell Companies to Target Crypto Developers in Malware Scheme

April 25, 2025 10:59 AM

In Brief:
North Korean hackers created fake firms in the U.S. to distribute malware via fake job interviews.
Victims include crypto developers whose wallets and credentials were compromised.


According to a Reuters report, North Korea’s Lazarus Group has escalated its cyber operations by creating shell companies in the United States to launch targeted attacks on the crypto industry. The state-backed hacking group reportedly formed two entities—Blocknovas LLC in New Mexico and Softglide LLC in New York—using fake identities.

Cybersecurity firm Silent Push revealed that the companies were part of a larger scheme to lure crypto developers into fake job interviews. These interviews were used to deploy malware and steal sensitive data such as wallet credentials and private keys.

The hackers’ method marks a rare and alarming shift: using officially registered U.S. businesses as a front for cyber espionage. Silent Push described the case as “a first-of-its-kind example of North Korean actors registering real companies in the U.S. to execute cyber attacks.”

The campaign has already affected several developers in the crypto space, adding to the Lazarus Group’s long history of cyber intrusions, which have previously included DeFi breaches and centralized exchange thefts.

U.S. authorities and cybersecurity teams are expected to intensify monitoring and response efforts as North Korea continues to develop its offensive cyber capabilities, particularly against the crypto sector.
