North Korean group BlueNoroff has find a new way to hack into your crypto wallets. Now it resembles banks and Japanese VC firms. This December 27, Kaspersky Lab announced that the North Korean hacking group ‘BlueNoroff’ stole millions of dollars in cryptocurrencies after creating more than 70 fake domains and impersonating banks and venture capital firms.According to the investigation, most of the domains mimicked Japanese venture capital firms, denoting a strong interest in user and company data within that country. “After researching the infrastructure that was used, we discovered more than 70 domains used by this group, meaning they were very active until recently. Also, they created numerous fake domains that look like venture capital and bank domains.” Until a few months ago, the BlueNoroff group used Word documents to inject malware. However, they recently improved their techniques, creating a new Windows Batch file that allows them to extend the scope and execution mode of their malware. These new .bat files circumvent Windows Mark-of-the-Web (MOTW) security measures, a hidden mark attached to files downloaded from the Internet to protect users against files from untrusted sources. After a thorough investigation in late September, Kaspersky confirmed that in addition to using new scripts, the BlueNoroff group began using .iso and .vhd disk image files to distribute viruses.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.