A North Korean hacking group steals millions posing as Japanese banks and venture capital firms

On December 27, Kaspersky Lab announced that the North Korean hacker group “BlueNoroff” had stolen millions of dollars in cryptocurrency after creating more than 70 fake domains posing as banks and venture capital firms.

According to the report, most of the domains mimic Japanese venture capital firms, indicating strong interest in the data of users and businesses in that country.

“After checking the infrastructure used, we discovered more than 70 domains used by this group, which means that they have been very active until recently. In addition, they have created several fake domains that look like venture capital and banking domains.”

BlueNoroff has refined its infection techniques

Until a few months ago, the BlueNoroff group used Word documents to deliver its malware. Recently, however, it has improved its techniques and introduced a new Windows batch (.bat) file that expands the reach and execution mode of its malware.

The new .bat files bypass Mark of the Web (MOTW), a Windows security measure: a hidden tag attached to files downloaded from the Internet so that Windows can warn users about content from untrusted sources.

After a thorough investigation at the end of September, Kaspersky confirmed that, in addition to using the new scripts, the BlueNoroff group had begun using .iso and .vhd disk image files to distribute its malware.
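As an added defender-side example (not code from Kaspersky's report or from this article), the check below parses the Zone.Identifier stream that carries MOTW on NTFS and flags disk-image containers (.iso/.vhd) that arrived from the Internet zone, since the bypass described here relies on the mark not following files out of such containers; the sample stream text and file names are constructed.

```python
import os
import re

# ZoneId values defined by Windows URL security zones.
ZONE_NAMES = {0: "localmachine", 1: "intranet", 2: "trusted", 3: "internet", 4: "restricted"}
# Disk-image containers abused by the technique described above: the mark stops at the image.
CONTAINER_EXTS = {".iso", ".vhd", ".vhdx"}

def parse_zone_identifier(text):
    """Parse the INI-style Zone.Identifier text; {} if no [ZoneTransfer] section."""
    section, fields = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key.lower() == "zoneid" and value.isdigit():
            fields["ZoneId"] = int(value)   # ZoneId as int; other keys stay strings
        else:
            fields[key] = value
    return fields

def classify(filename, zone_text):
    """Verdict for a file name plus the text of its Zone.Identifier stream."""
    zone = parse_zone_identifier(zone_text).get("ZoneId")
    if zone is None:
        return "no-motw"              # nothing for SmartScreen/Office to act on
    if zone >= 3 and os.path.splitext(filename)[1].lower() in CONTAINER_EXTS:
        return "internet-container"   # contents may be unmarked once mounted
    if zone >= 3:
        return "internet-file"
    return ZONE_NAMES.get(zone, "unknown")

def read_motw(path):
    """Read a file's Zone.Identifier stream on NTFS; "" if absent or not Windows."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return ""

# Constructed sample of what Windows writes for an Internet-zone download.
SAMPLE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/q.iso\r\n"
```

On a Windows host, `classify(p, read_motw(p))` over a downloads folder lists which files still carry the mark and which containers would shed it when mounted.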

Kaspersky also found that a user in the UAE fell victim to BlueNoroff after downloading a Word document called “Shamjit Client Details Form.doc,” which allowed the attackers to connect to his computer and extract information while they tried to deploy even more potent malware.

Once the attackers had access to the computer, they “tried to fingerprint the victim and install additional malware with elevated privileges,” but the victim executed several commands to collect basic system information, which prevented the malware from spreading further.

Hacking techniques are becoming more and more dangerous

Believe it or not, North Korea is reported to lead the world in crypto crime. Reports indicate that North Korean hackers had stolen more than $1 billion in cryptocurrency by May 2022. The country's largest group, Lazarus, has been named as responsible for major phishing attacks and malware distribution campaigns.

After more than $620 million was stolen from Axie Infinity, the North Korean hacker group Lazarus, one of the largest hacker groups in the world, had accumulated enough money to improve its software that it created an advanced cryptocurrency platform, hosted on the domain bloxholder .com, which it used as a front to steal the private keys of many of its “clients”.

As reported by Microsoft, attacks targeting cryptocurrency institutions, which promise higher rewards, have increased in recent years, and the attacks are becoming more sophisticated than before.

One of the latest techniques hackers use through Telegram groups is to send infected files disguised as Excel spreadsheets containing exchange companies' fee structures as a lure.

Once victims open the files, they download a series of programs that give the hacker remote access to the infected device, whether a mobile device or a personal computer.
