BlueNoroff, part of the North Korean state-backed Lazarus Group, has renewed its targeting of venture capital firms, crypto firms and banks. Cybersecurity lab Kaspersky says the group has seen a spike in activity after the recession for most of the year and is testing new distribution methods for its malware. reported.
BlueNoroff has created more than 70 fake domains impersonating venture capital firms and banks. Most of the counterfeit products presented themselves as well-known Japanese companies, but some also assumed the identity of US and Vietnamese companies.
BlueNoroff introduces new methods bypassing MoTWhttps://t.co/C6q0l1mWqo
— Pentesting News (@PentestingN) December 27, 2022
The group is experimenting with new file types and other malware distribution methods, according to the report. Once the malware is deployed, it evades Windows Web Beacon security warnings about downloading content, and then “blocks large cryptocurrency transfers, changing the recipient’s address, and pushing the transfer amount to the limit, essentially emptying the account in a single transaction.”
You may be interested: Japanese police accuse Lazarus of crypto hacks
According to Kaspersky, the problem with threat actors is getting worse and worse. Researcher Seongsu Park said in a statement: used:
“Cyber epidemics with the greatest impact, the power of which has never been seen before, will mark the coming year. With these bad factors at hand, businesses need to be more secure than ever before.”
The BlueNoroff subgroup of Lazarus was first detected after attacking Bangladesh’s central bank in 2016. This group was among a group of North Korean cyber threats that the US Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation also cited in an April warning.
North Korean threat actors linked to the Lazarus Group have also been found to be trying to steal NFTs in recent weeks. The group was also responsible for the $600 million Ronin Bridge exploit in March.