BlueNoroff, a financially motivated subgroup of the North Korean state-sponsored Lazarus Group, has resumed its attacks on venture capital firms, crypto startups, and banks. Kaspersky Lab reports that the group's activity picked up again after a lull for much of the year and that it is trying new ways of delivering its malware.
After registering more than 70 fake domains impersonating banks and VC firms, BlueNoroff stole millions of dollars in cryptocurrency. Most of the fake VCs posed as well-known Japanese companies, while others posed as American or Vietnamese firms.
Through these fraudulent VC identities the group targets crypto companies, DeFi, blockchain, and the wider FinTech sector with new malware. Until a few months ago BlueNoroff delivered its malware through Word documents. It has since refined its approach and now uses Windows batch (.bat) files, which broaden both the reach of the malware and the ways it can be executed.
The new .bat scripts sidestep Windows Mark-of-the-Web (MOTW) protections. MOTW is a flag Windows attaches to files downloaded from the Internet (stored in a Zone.Identifier alternate data stream on NTFS) so that Office opens them in Protected View and SmartScreen warns before they run; a payload delivered without the mark skips those warnings. In late September, Kaspersky confirmed that, alongside the new scripts, BlueNoroff had begun using .iso and .vhd disk image files to deliver malware, since files copied out of a mounted image do not necessarily carry the mark the image itself was given.
Kaspersky also found that a user in the United Arab Emirates fell victim to BlueNoroff after opening a file named "Shamjit Client Details Form.doc," which gave the attackers access to the system and let them collect information while they attempted to deploy more potent malware.
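As an added example (not code from the article or from Kaspersky), the following PowerShell script triages a download folder for the delivery formats discussed above and reports whether each file carries a Mark-of-the-Web by reading the Zone.Identifier stream. The folder path, the extension list, and the image path in the commented-out section are assumptions; whether a given Windows build propagates the mark into files inside a mounted image is exactly what the last step lets you check on your own systems.

```powershell
# Added example, not from the original article. Lists files in a download
# folder that match the carrier/lure extensions named in the text and shows
# the MOTW zone of each. MOTW lives in the NTFS alternate data stream
# "Zone.Identifier"; ZoneId=3 means "Internet", ZoneId=4 "Restricted".
# A .bat/.cmd/.lnk with no zone in a download folder deserves a closer look.

param(
    # Assumed default; point this at any folder you want to triage.
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads')
)

# Extensions the article names (.doc, .bat, .iso, .vhd) plus close relatives.
$watched = @('.bat', '.cmd', '.lnk', '.iso', '.vhd', '.vhdx', '.img', '.doc', '.docm')

function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    # Returns the ZoneId as an integer, or $null when the stream is absent.
    $stream = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    foreach ($line in $stream) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $watched -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $zone = Get-MotwZone -Path $_.FullName
        [pscustomobject]@{
            File = $_.FullName
            Zone = if ($null -eq $zone) { 'none' } else { $zone }
            # Scripts and shortcuts that arrived without a mark will run
            # without the SmartScreen prompt that MOTW would otherwise trigger.
            Flag = ($null -eq $zone -and ($_.Extension.ToLower() -in '.bat', '.cmd', '.lnk'))
        }
    } | Format-Table -AutoSize

# To see what a disk-image lure looks like to the OS, mount an image (only a
# benign test image, in an isolated VM) and run Get-MotwZone against a file
# inside it. On builds that do not propagate the mark, the call returns $null
# even though the .iso itself was downloaded with ZoneId=3.
#
# $img   = Mount-DiskImage -ImagePath 'C:\Path\To\test.iso' -PassThru   # assumed path
# $drive = ($img | Get-Volume).DriveLetter
# Get-MotwZone -Path "${drive}:\payload.bat"                            # assumed file name
# Dismount-DiskImage -ImagePath 'C:\Path\To\test.iso'
```

Run it in an elevated or normal PowerShell session on the workstation in question; the stream read needs no special privileges beyond read access to the file. A defensive follow-up is to block or quarantine inbound .iso and .vhd attachments at the mail gateway, since the attack depends on the user mounting the image.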
Hacking Tactics Are Increasingly Harmful
Since 2017, hackers backed by the North Korean government have stolen over $1 billion in digital assets. According to an AP News report, South Korea's main spy agency, the National Intelligence Service (NIS), estimates that North Korean hackers stole about 1.5 trillion won ($1.2 billion) in crypto assets over the last five years.
More than half of that sum, over 800 billion won ($626 million), was taken this year alone. Of the total, more than 100 billion won ($78 million) was stolen from South Korea.
Squeezed by heavy UN sanctions and the COVID-19 pandemic, experts and officials say, North Korea has turned to crypto theft and other illicit cyber operations for the foreign currency it badly needs to prop up its struggling economy and fund its nuclear programme.
Its most prominent group, Lazarus, has been blamed for large-scale phishing campaigns and malware distribution, including the theft of more than $620 million from Axie Infinity, which makes it one of the most prolific hacking groups in the world.
North Korea denies involvement in cryptocurrency theft and rejects the claims about the Lazarus group. The NIS nevertheless expects North Korean hackers to step up their cyberattacks in 2023 to steal advanced South Korean technology and confidential data on South Korean foreign policy and national security.