BlueNoroff, a subgroup of the North Korean state-sponsored hacking group Lazarus, is now impersonating venture capitalists looking to invest in crypto startups in a new phishing method.
According to a new report from the cybersecurity firm Kaspersky, BlueNoroff has created more than 70 fake domains that pose as venture capital firms and banks. The majority of the fake VCs presented themselves as well-known Japanese companies, while others assumed the identity of US and Vietnamese companies.
These fake VCs then target cryptocurrency startups working in smart contracts, DeFi, blockchain, and FinTech with new malware delivery methods.
Kaspersky says BlueNoroff is also using software to bypass Mark-of-the-Web (MOTW) technology, which causes Windows to display a warning when a user tries to open a file downloaded from the Internet. In a press release, the company detailed:
"The attackers have used phishing techniques to try to infect targeted companies and then intercept large cryptocurrency transfers, changing the recipient's address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction."
The BlueNoroff name was first coined by Kaspersky back in 2016 when its researchers were investigating the notorious attack on Bangladesh’s Central Bank.
Kaspersky noted that a UAE citizen, who was in the sales department responsible for signing contracts, fell victim to the BlueNoroff group after downloading a Word document called “Shamjit Client Details Form.doc,” which allowed the hackers to connect to his computer and extract information as they attempted to execute even more potent malware.
As reported, North Korean hackers