BlueNoroff, the new hacking group under the notorious North Korean Lazarus Group, has recently extended its illegal activities. According to Kaspersky, a cybersecurity firm, the cyber attackers now pretend to be venture capitalists seeking to invest in crypto startups.
Kaspersky reports that BlueNoroff has created several fake domains mimicking actual venture capital firms and banks. In addition, the cybersecurity firm says it detected numerous attack attempts by BlueNoroff targeting crypto firms in January this year.
Kaspersky Explains How BlueNoroff Operates
Kaspersky further claims that BlueNoroff is using malware to target companies that deal with blockchain, smart contracts, and DeFi. The cybersecurity company adds that these attackers have software that evades Mark-of-the-Web technology, which warns users before they open a harmful file downloaded from the internet.
Stealing crypto has been a lucrative activity for North Korean attackers. According to South Korean spy agencies, hackers have made off with over $1.3 billion in crypto over the last five years. The attackers targeted several crypto firms this year, including Binance, the fallen FTX, Ronin, and Wormhole.
BlueNoroff Alleged Attacks in 2022
In August, BlueNoroff sent an engineering manager job offer to numerous candidates on LinkedIn. The hackers claimed to be the hiring agency for the crypto exchange Coinbase. They encouraged the job seekers to download a document containing details of the open vacancy. However, once downloaded, the document would install a trojan horse and steal personal information.
In October, the cyber attackers accessed the Binance Smart Chain and took away over $90 million in crypto. In mid-November, on the day FTX filed for bankruptcy, an undisclosed actor drained funds from FTX wallets totaling over $600 million in tokens. A Twitter user (@0xfoobar) suggested that it could be another hacking incident by BlueNoroff.
Although the collapse of FTX and the story of Sam Bankman-Fried have taken over the crypto headlines, the risk posed by cyber attackers has remained the same. Combined with the current harsh market conditions, the attacks could cause a lot of firms to shut down operations if security measures are not put in place to prevent them.