BlueNoroff, part of the North Korean state-backed Lazarus Group, has turned its focus to venture capital (VC) firms, crypto startups, and banks. According to cybersecurity lab Kaspersky, the criminal group has grown steadily over the past year and is testing its new phishing scheme for next year.
BlueNoroff has created more than 70 domain names that mimic VCs and banks. Most of the fake domain names are disguised as large organizations of Japan, United States and Vietnam. The group experimented with new file types and malware delivery methods. These types of software can evade Windows Mark-of-Web warnings when users need to download content, then continue to intercept large crypto transfers, change recipient addresses, and even push the transfer amount to the limit. After all, they drain the victim’s account in a single transaction.
“The coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has been never seen before. On the threshold of new malicious campaigns, businesses must be more secure than ever”, said Kaspersky researcher Seongsu Park.
BlueNoroff was first identified after the attack on Bangladesh central bank in 2016. This is a North Korean cyber threat that the US Cybersecurity and Infrastructure Agency as well as Federal Bureau of Investigation had previously warned.
This notorious hacker group has also been accused by the US of being behind many attacks such as Ronin Bridge of Axie Infinity or Horizon Bridge. According to Chainalysis, North Korea stole about $400 million in cryptocurrency through cyberattacks in 2021, up nearly 40% from 2020. Illegal funds linked to multiple hacking groups from North Korea are mainly in Ethereum (58%), Bitcoin (20%), and other tokens (22%).
Follow our channels for more crypto news:
- Cryptory Insights: https://t.me/CryptoryInsights
- Cryptory Global Community: https://t.me/CryptoryCommunity
- Facebook: https://www.facebook.com/CryptoryNetwork
- Twitter: https://twitter.com/CryptoryNetwork