Skip to content

North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains

Table of Contents

North Korea’s BlueNoroff hackers have updated their arsenal and delivery techniques in a new wave of attacks targeting banks and venture capital firms, cybersecurity firm Kaspersky reports.
Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyberattacks targeting banks, cryptocurrency firms, and other financial institutions.
Following several months of silence, the group has resumed its activities this fall with renewed attacks that leverage new malware, and updated delivery techniques that include new file types and a method of bypassing Microsoft’s Mark-of-the-Web (MotW) protections.
Specifically, the hackers are distributing optical disk image (.iso) and virtual hard disk (.vhd) files containing decoy Office documents, which allows them to avoid the MotW warning that Windows typically displays when a user attempts to open a document downloaded from the internet.
Relying on phishing, BlueNoroff is attempting to infect target organizations to intercept cryptocurrency transfers and drain accounts.
As part of the new campaign, the hacking group has registered roughly 70 fake domains mimicking well-known banks and venture capital firms, with a focus on Japanese firms. Organizations in UAE, US, and Vietnam are also targeted. These domains have been used for phishing attacks aimed at startup employees.
As part of the campaign, the hackers also used fake domains for hosting malicious documents and payloads, and fake domains imitating legitimate financial and investment companies, most of which are Japanese organizations. Lately, the group also targeted cryptocurrency-related businesses.
“As we can see from our latest finding, this notorious actor has introduced slight modifications to deliver their malware. This also suggests that attacks by this group are unlikely to decrease in the near future,” Kaspersky concludes.
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com
North Korea’s BlueNoroff hacking group is targeting banks and venture capital firms with new malware and updated delivery techniques.
Full arcticle can be read here

#Campaign #Finance #APT #NorthKorea #IoCs

Latest

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges. It recommended applying the updates and

Members Public
Modern zsarolóvírusok

Modern zsarolóvírusok

A Magyar Védelmi Beszerzési Ügnynökséget az INC Ransom csoport támadta és zsarolta meg 2024. októberében. Az elmúlt időszakban megszaporodtak azok a magyarországi zsarolóvírus támadások, amelyek során az INC és a vele csaknem 71%-ban azonos Lynx zsarolóvírusokat használták a támadók.

Members Public