BlueNoroff is an advanced persistent threat (APT) group first identified by Kaspersky researchers while they were investigating a cyberattack on the Bangladesh Central Bank earlier in 2022. The APT is a subcluster of the Lazarus Group, an infamous cybercrime group behind many financial theft and espionage cases worldwide.
Cases of organisational infiltration by this group have been recorded across North and South America, Europe, Africa, and Asia.
The group is now updating its tactics to bypass Windows Mark of the Web (MotW) protections.
In research released on the 27th of December, Kaspersky revealed that this includes the use of virtual hard disk (.VHD) and optical disk image (.ISO) file formats as components of a novel infection chain.
“BlueNoroff created numerous fake domains impersonating venture capital companies and banks,” security researcher Seongsu Park stated.
In 2018, BlueNoroff shifted its focus from banks to the cryptocurrency industry. Kaspersky uncovered and disclosed details of the SnatchCrypto campaign, in which the threat actor set out to steal cryptocurrency from victims’ wallets.
Another notable activity associated with the group is AppleJeus, in which fake bitcoin firms are set up to lure unsuspecting users into installing applications that eventually receive updates with backdoors.
The latest activity observed by the Russian cybersecurity firm makes modest changes to the spear-phishing infection chain used to deliver the final payload, swapping Microsoft Word document attachments for ISO files.
An optical image file containing a Visual Basic Script (VBScript) is triggered when the target clicks a link in a Microsoft PowerPoint presentation.
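As an added defender-side example (not code from Kaspersky’s report or this article), the following Python parses the root directory of an ISO 9660 attachment and flags script payloads of the kind described above, since files unpacked from a mounted image do not carry the MotW zone marker the original download had. The sample image and the file names INVITE.PPTX and UPDATE.VBS are constructed for the example, not campaign artifacts.

```python
import struct

SECTOR = 2048
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk", ".exe", ".bat", ".ps1"}

def both(v: int) -> bytes:
    return struct.pack("<I", v) + struct.pack(">I", v)     # ISO 9660 stores 32-bit fields LE then BE

def dir_record(name: bytes, lba: int, size: int, flags: int = 0) -> bytes:
    """Build one ECMA-119 directory record; flags bit 1 (value 2) marks a directory."""
    body = (bytes([0]) + both(lba) + both(size) + bytes(7)   # ext-attr len, extent, size, date
            + bytes([flags, 0, 0]) + b"\x01\x00\x00\x01"     # flags, unit, gap, volume seq
            + bytes([len(name)]) + name)
    if (len(body) + 1) % 2:                                  # total record length must be even
        body += b"\x00"
    return bytes([len(body) + 1]) + body

def build_sample_iso() -> bytes:
    """Constructed image (assumption, not a campaign artifact): decoy deck plus a VBScript."""
    img = bytearray(SECTOR * 21)
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1                # primary volume descriptor
    pvd[156:190] = dir_record(b"\x00", 18, SECTOR, flags=2)  # root directory lives at LBA 18
    img[16 * SECTOR:17 * SECTOR] = pvd
    img[17 * SECTOR:17 * SECTOR + 6] = b"\xffCD001"          # volume descriptor set terminator
    root = (dir_record(b"\x00", 18, SECTOR, 2) + dir_record(b"\x01", 18, SECTOR, 2)
            + dir_record(b"INVITE.PPTX;1", 19, 100) + dir_record(b"UPDATE.VBS;1", 20, 100))
    img[18 * SECTOR:18 * SECTOR + len(root)] = root
    return bytes(img)

def list_root_files(img: bytes) -> list[str]:
    """Plain file names in the root directory, skipping '.', '..' and subdirectories."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    lba, size = (struct.unpack_from("<I", pvd, o)[0] for o in (158, 166))  # root extent, length
    data, off, names = img[lba * SECTOR:lba * SECTOR + size], 0, []
    while off < len(data) and data[off]:                     # a zero length byte ends the list
        rec_len, flags, name_len = data[off], data[off + 25], data[off + 32]
        name = data[off + 33:off + 33 + name_len]
        if name not in (b"\x00", b"\x01") and not flags & 2:
            names.append(name.decode("ascii").split(";")[0]) # drop the ";1" version suffix
        off += rec_len
    return names

def flag_script_payloads(names: list[str]) -> list[str]:
    """Files whose types Windows would normally gate with MotW if downloaded directly."""
    return [n for n in names if "." + n.rsplit(".", 1)[-1].lower() in SCRIPT_EXTS]
```

Running `flag_script_payloads(list_root_files(build_sample_iso()))` on the constructed image returns only the VBScript, which is the attachment a mail gateway or analyst would want to quarantine for review.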
Later, the hacking was traced to North Korea. According to the South Korean Intelligence Service (NIS), the North Korean government has backed the hackers, who, as of this writing, have stolen over $1.2 billion in cryptocurrencies and other digital assets over the past five years.
“This group has a strong financial motivation and actually succeeds in making profits from their cyberattacks,” Park said. “This also suggests that attacks by this group are unlikely to decrease in the near future.”