North Korean hackers are pretending to be crypto VCs in new phishing scheme: Kaspersky


The state-sponsored Lazarus Group and its associated hackers have had a busy year, and 2023 may see even more activity, the cybersecurity lab warned.


BlueNoroff, part of the North Korean state-sponsored Lazarus Group, has renewed its targeting of venture capital firms, crypto startups and banks. Cybersecurity lab Kaspersky reported that the group has shown a spike in activity after a lull for most of the year and is testing new delivery methods for its malware.

BlueNoroff has created more than 70 fake domains that mimic venture capital firms and banks. Most of the fakes presented themselves as well-known Japanese companies, but some also assumed the identity of United States and Vietnamese companies.

“BlueNoroff introduces new methods bypassing MoTW” https://t.co/C6q0l1mWqo

— Pentesting News (@PentestingN), December 27, 2022

The group has been experimenting with new file types and other malware delivery methods, according to the report. Once in place, its malware evades the Windows Mark-of-the-Web security warnings about downloaded content and then goes on to “intercept large cryptocurrency transfers, changing the recipient's address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction.”

Related: North Korea’s Lazarus behind years of crypto hacks in Japan — Police

According to Kaspersky, the problem with threat actors is worsening. Researcher Seongsu Park said in a statement:

“The coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has never been seen before. […] On the threshold of new malicious campaigns, businesses must be more secure than ever.”

The BlueNoroff subgroup of Lazarus was first identified after it attacked the Bangladeshi central bank in 2016. It was among a group of North Korean cyber threats that the U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation named in an alert issued in April.

North Korean threat actors associated with the Lazarus Group have also been spotted attempting to steal nonfungible tokens in recent weeks. The group was responsible for the $600-million Ronin Bridge exploit in March.
