In a new phishing attempt, BlueNoroff, a division of the North Korean state-sponsored hacking team Lazarus, is impersonating venture capitalists looking to invest in cryptocurrency firms.
Hackers Impersonating Crypto VCs
On December 27, cyber-security firm Kaspersky reported that the group has seen a surge in activity after a pause for the majority of the year and is experimenting with new malware delivery methods.
According to the report, BlueNoroff has created more than 70 bogus domains in an attempt to impersonate banks and venture capital firms. Most of the fictitious venture capitalists posed as well-known Japanese businesses, while some posed as American or Vietnamese businesses.
Furthermore, these fraudulent VCs target cryptocurrency firms that deal with blockchain, smart contracts, DeFi, and the FinTech sector using new malware delivery techniques.
BlueNoroff also employs software to circumvent Windows’ Mark-of-the-Web (MOTW) protection, which ensures that a warning message appears when users attempt to open a file obtained from the Internet, according to Kaspersky.
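As an added illustration (not code from Kaspersky or from the original article), the sketch below shows where the mark lives and how a defender can check it: on NTFS, MOTW is stored in a `Zone.Identifier` alternate data stream, and a risky file type sitting in a download folder with no usable mark deserves review. The function names, the extension list and the sample entries are assumptions made for this example.

```python
import configparser

# URL security zones Windows records in the Zone.Identifier stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
# Assumption: file types worth a second look when found unmarked in a download folder.
RISKY_EXT = (".doc", ".docm", ".xlsm", ".js", ".vbs", ".bat", ".lnk", ".exe")

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier content, or None if absent or malformed."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_mark(path):
    """On NTFS the mark is the alternate data stream '<path>:Zone.Identifier'."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream (or not NTFS): the file carries no mark

def triage(entries):
    """entries: (file name, stream text or None) pairs from a download folder."""
    results = []
    for name, stream in entries:
        zone = parse_zone_id(stream) if stream is not None else None
        if zone in (3, 4):
            verdict = "marked (%s): warning expected" % ZONES[zone]
        elif zone is None and name.lower().endswith(RISKY_EXT):
            verdict = "review: risky type with no usable mark"
        else:
            verdict = "ok"
        results.append((name, verdict))
    return results

# Constructed sample data, not taken from the Kaspersky report.
SAMPLE = [
    ("pitch_deck.docm", "[ZoneTransfer]\nZoneId=3\nHostUrl=https://files.example/pitch_deck.docm\n"),
    ("term_sheet.doc", None),                          # mark missing entirely
    ("contract.vbs", "[ZoneTransfer]\nZoneId=abc\n"),  # mark present but malformed
    ("notes.txt", None),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE):
        print(f"{name:18} {verdict}")
```
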
BlueNoroff Threat Actor
Kaspersky researchers coined the term “BlueNoroff” in 2016 while investigating the infamous attack on the Bangladeshi Central Bank. It was one of several North Korean cyber threats listed in an April advisory issued by the FBI and the US Cybersecurity and Infrastructure Security Agency.
Personally, BlueNoroff is not a threat actor that is particularly quick to evolve, but they are active and remain a concern. This time, they have unveiled an updated malware infection chain and malware, allowing them to bypass security measures. https://t.co/sCI917ekix pic.twitter.com/laCVuZAXtx
— Seongsu Park (@unpacker) December 28, 2022
BlueNoroff, a subset of the larger Lazarus group, focuses on companies that deal with blockchain, smart contracts, DeFi, and the FinTech sector, and it pursues them with advanced malicious tooling.
In January 2022, Kaspersky analysts reported on a series of attacks by BlueNoroff on cryptocurrency businesses around the world, after which there was a brief lull. According to Kaspersky’s analytics, the threat actor is back this autumn with far more sophistication and activity than before.
North Korean Hackers
According to Kaspersky, one victim of the BlueNoroff group was a UAE citizen who worked in a sales department and was in charge of signing contracts. He was compromised after downloading a Word document called “Shamjit Client Details Form.doc”. The document allowed the hackers to connect to his computer and extract data while attempting to run even more powerful malware.
According to reports, North Korean hackers have stolen 1.5 trillion won ($1.2 billion) in digital assets since 2017. More than half of that total, or nearly 800 billion won ($626 million), has been taken this year.
The National Intelligence Service, South Korea’s top spy agency, claims that North Korea is using crypto assets obtained through theft to fund its weak economy and nuclear program.
How to Safeguard Businesses
To protect organizations, Kaspersky recommends the following measures:
- Give your employees a crash course in good cyber-security practices, and test their ability to identify phishing emails by simulating a phishing attack.
- Perform a cyber-security audit on your networks, then address any vulnerabilities on the network’s perimeter or within the network.
- For effective defense against known and unknown threats, use a reputable endpoint security product with behavior-based detection and anomaly management features, such as Kaspersky Endpoint Security for Business.
- To quickly identify and eliminate even the most elusive and novel threats, use a focused suite of cyber-security technologies for efficient endpoint protection, threat detection, and response.
- The Kaspersky Optimum Framework includes the necessary set of endpoint security features equipped with EDR and MDR.