Hackers from North Korea keep changing how they obtain sensitive information from their targets, information that opens the door to the victims' hard-earned digital assets, such as cryptocurrencies and NFTs.
BlueNoroff Hacker Group has Been Posing as Crypto VC Firms
According to the cyber security firm Kaspersky, BlueNoroff, an offshoot of the North Korean state-sponsored Lazarus Group (the group behind the record-breaking $600 million Axie Infinity hack), has devised a new phishing scheme in which it poses as crypto venture capital firms in order to deliver malware to its targets' devices.
BlueNoroff is notorious for targeting venture capital firms, crypto startups and banks. Kaspersky's researchers observed a rise in BlueNoroff attacks on crypto startups worldwide in both early and late 2022.
The group has changed how it gets its malware onto target machines, turning to file types it had not used before: a new Visual Basic Script, a previously unseen Windows Batch file and a Windows executable.
The new delivery methods also rely on file types that sidestep the Mark-of-the-Web (MOTW) flag. MOTW is a Windows mechanism that tags files downloaded from the internet (on NTFS the tag is stored as a Zone.Identifier alternate data stream alongside the file). When a user opens a tagged file, Windows shows a warning, and Microsoft Office opens tagged documents in 'Protected View' to limit what they can do. Files extracted from a mounted ISO image do not carry the tag, so BlueNoroff wraps its payloads in ISO files to avoid triggering the warning.
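The check a defender would want at this point is whether a file actually carries the MOTW tag. The Python below is an added example, not code from the article or from Kaspersky's report: it parses the Zone.Identifier stream that Windows writes for a downloaded file, reads that stream off NTFS when run on Windows, and triages a file the way a download or mail gateway might, treating script or executable content with no tag (which is what a file pulled out of an ISO looks like) as the highest-risk case. The sample stream contents, host names and file names are constructed for the example; `read_motw` only works on Windows, and Microsoft has since hardened how mounted images handle the flag in newer Windows builds, so whether the ISO trick still works depends on patch level.

```python
"""Mark-of-the-Web (MOTW) inspection and triage.

Added example, not code from the article or from Kaspersky's report.
On NTFS, Windows stores the MOTW as an alternate data stream (ADS) named
Zone.Identifier next to a downloaded file. Its content is an INI-style
[ZoneTransfer] section: ZoneId=3 means Internet, 4 means Restricted, and
recent Windows builds also record ReferrerUrl/HostUrl. A file copied out of
a mounted ISO image has no such stream, which is the bypass in the text.
"""
import os
from dataclasses import dataclass
from typing import Optional

ZONE_NAMES = {
    0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites",
    3: "Internet", 4: "RestrictedSites",
}

# File types that execute on double-click (the VBS, BAT and EXE lures from
# the text plus a few common stagers); without MOTW they run with no prompt.
DIRECT_EXEC = {".vbs", ".vbe", ".bat", ".cmd", ".exe", ".js", ".jse",
               ".ps1", ".lnk", ".scr", ".hta"}
# Container format named in the text that did not propagate MOTW to contents.
CONTAINERS = {".iso"}


@dataclass
class ZoneIdentifier:
    zone_id: int
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, f"Unknown({self.zone_id})")

    @property
    def is_untrusted(self) -> bool:
        # Zones 3 and 4 are what SmartScreen and Office Protected View key on.
        return self.zone_id >= 3


def parse_zone_identifier(text: str) -> Optional[ZoneIdentifier]:
    """Parse the text of a Zone.Identifier stream.

    Returns None when there is no usable [ZoneTransfer] section, which is
    exactly how an extracted-from-ISO file looks: no stream, no zone.
    """
    section = None
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip().lower()] = value.strip()
    zone_raw = fields.get("zoneid")
    if zone_raw is None or not zone_raw.isdigit():
        return None
    return ZoneIdentifier(int(zone_raw), fields.get("referrerurl"),
                          fields.get("hosturl"))


def read_motw(path: str) -> Optional[ZoneIdentifier]:
    """Read the Zone.Identifier ADS of a file on Windows/NTFS.

    Python reaches an ADS through the `file:stream` path syntax. Returns None
    on other platforms, when the stream is absent, or when it is unparsable.
    """
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


def triage(filename: str, motw: Optional[ZoneIdentifier]) -> str:
    """Classify a file by type and MOTW state, gateway-style (assumed policy)."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in CONTAINERS:
        return "block: image container that strips MOTW from its contents"
    if ext in DIRECT_EXEC:
        if motw is None:
            return "block: executable content with no MOTW; check for ISO origin"
        if motw.is_untrusted:
            return f"warn: executable content from {motw.zone_name} zone"
    elif motw is not None and motw.is_untrusted:
        return f"sandbox: document from {motw.zone_name} zone (Protected View)"
    return "allow"


# Constructed sample streams: a browser download with referrer/host URLs, and
# a file saved from a mail client that records only the zone.
SAMPLE_BROWSER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://vc-portal.example/\r\n"
    "HostUrl=https://vc-portal.example/Investment_Brief.vbs\r\n"
)
SAMPLE_MAIL = "[ZoneTransfer]\r\nZoneId=3\r\n"

if __name__ == "__main__":
    print(triage("Investment_Brief.vbs", parse_zone_identifier(SAMPLE_BROWSER)))
    print(triage("Investment_Brief.vbs", None))  # as extracted from an ISO
    print(triage("Investment_Brief.docx", parse_zone_identifier(SAMPLE_MAIL)))
    print(triage("Investment_Brief.iso", parse_zone_identifier(SAMPLE_BROWSER)))
```

On a Windows host the same check can be run by hand with `Get-Item <file> -Stream Zone.Identifier` in PowerShell; the absence of that stream on a script that was just "downloaded" is the tell that it came out of a container.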
North Korean Hackers are Also Registering Fake Domains Mimicking Banks and VCs
The North Korean hacker groups are increasingly registering and maintaining fake websites and domains that mimic legitimate venture capital firms and banks, lending credibility to their phishing lures.
In particular, they have been copying Japanese venture capital firms and banks such as Beyond Next Ventures and Mizuho Financial Group, which indicates a focus on targets in that country. Firms from the UAE, the US and Vietnam are also favourite subjects of their phishing schemes.
2023 Looks Set to Be A Big Year for Hackers
The Kaspersky team also forecast that 2023 may be a big year for North Korean hackers.
'As per our forecast in recent APT predictions for 2023, the coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has never been seen before,' explained Seongsu Park, a lead security researcher at Kaspersky's Global Research and Analysis Team (GReAT).
‘They will resemble the infamous WannaCry in their technological superiority and effect. Our findings in the BlueNoroff experiments prove that cybercriminals are not standing still and are constantly testing and analysing new and more sophisticated tools of attack. On the threshold of new malicious campaigns, businesses must be more secure than ever: train your employees in the basics of cybersecurity and use a trusted security solution on all corporate devices,’ he added.
(By John P. Njui)