North Korea’s Crypto Espionage Unveiled: Fake U.S. Firms Used to Target Developers

North Korean hackers have reportedly set up bogus U.S.-based companies to carry out a sophisticated malware campaign targeting crypto developers, according to a Reuters investigation published Friday.

The operation, uncovered by cybersecurity firm Silent Push, identified two shell companies—Blocknovas LLC and Softglide LLC—registered with fake names and addresses in New Mexico and New York. A third company, Angeloper Agency, was linked to the effort but had no official U.S. registration.

FBI Seizes Domain as Part of National Security Crackdown

The hackers, tied to the Lazarus Group—a North Korean cyber unit operating under the Reconnaissance General Bureau—used these fake firms to lure developers into malware-laced job interviews.

The FBI has since seized Blocknovas’ domain, stating it was part of a wider law enforcement initiative targeting North Korean-backed malware operations. These campaigns reportedly aim to steal access to crypto wallets and developer tools.

Further investigation found Blocknovas’ registered address led to a vacant property in South Carolina, while Softglide’s location was traced to a tax services office in Buffalo, New York.

Sanctions Violated as North Korea Continues Global Crypto Exploits

According to Silent Push, Blocknovas was the most active of the three entities and had already compromised several targets. These activities breach sanctions enforced by the U.S. Treasury’s Office of Foreign Assets Control and violate UN resolutions designed to prevent North Korea from financing weapons development through illicit international means.

Crypto Theft Powers Pyongyang’s Weapons Program

The malware campaign is just the latest in a growing trend of state-sponsored North Korean cyber attacks aimed at funding the country’s military expansion. The regime has also sent thousands of IT workers overseas, secretly funneling their earnings back to the country to support ballistic missile programs.

High-profile cases like the $600 million Axie Infinity hack have already linked North Korea to massive digital asset thefts. Experts warn that these funds are critical to financing the country’s advanced weapons development, making cybersecurity enforcement a matter of global security.
