New tricks of hackers from North Korea
2022.12.27 14:06

Budrigannews.com – BlueNoroff, a subsidiary of the North Korean state-sponsored Lazarus Group, has intensified its efforts to target banks, crypto startups, and venture capital firms. After a lull for the majority of the year, the group, according to the cybersecurity lab Kaspersky, has shown a spike in activity and is testing new malware delivery methods.
BlueNoroff has created over 70 fake domains that appear to be banks and venture capital firms. The majority of the fakes imitated well-known Japanese organizations, but some also assumed the identity of US and Vietnamese organizations.
BlueNoroff introduces new methods bypassing MoTW https://t.co/C6q0l1mWqo
— Pentesting News (@PentestingN) December 27, 2022
The report says that the group has been trying out new file types and other ways to spread malware. Once installed, its malware evades Windows Mark-of-the-Web security alerts about downloading content before “intercepting large cryptocurrency transfers, changing the recipient’s address, and pushing the transfer amount to the limit, effectively draining the account in a single transaction.”
The threat actor problem is getting worse, according to Kaspersky. Researcher Seongsu Park said in a statement:
“The coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has never been seen before. […] On the threshold of new malicious campaigns, businesses must be more secure than ever.”
The BlueNoroff subgroup of Lazarus was first identified after it attacked the Bangladeshi central bank in 2016. It was among a group of North Korean cyber threats that the U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation mentioned in an alert issued in April.
In recent weeks, North Korean threat actors affiliated with the Lazarus Group have also been observed attempting to steal nonfungible tokens. The group carried out the $600-million Ronin Bridge hack in March.