North Korean State Sponsored Hacking Group Lazarus Targets Crypto VCs in New Phishing Scam

In a new phishing campaign, BlueNoroff, a unit of the North Korean state-sponsored hacking group Lazarus, is impersonating venture capitalists looking to invest in cryptocurrency firms.

Hackers Impersonating Crypto VCs

On December 27, cyber-security firm Kaspersky reported that the group has resumed activity after being quiet for most of the year and is experimenting with new malware delivery methods.

According to the report, BlueNoroff has created more than 70 bogus domains impersonating banks and venture capital firms. Most of the fictitious venture capital firms posed as well-known Japanese businesses, while some posed as American or Vietnamese businesses.

These fraudulent VCs target cryptocurrency firms working in blockchain, smart contracts, DeFi and FinTech, using new malware delivery techniques.

According to Kaspersky, BlueNoroff also employs software to circumvent Windows’ Mark-of-the-Web (MOTW) protection, the flag that makes Windows display a warning when a user opens a file obtained from the Internet.
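The following PowerShell script is an added example for defenders and is not code from the article or from Kaspersky. It inventories the Mark-of-the-Web state of files under a folder: Windows keeps MOTW in the NTFS alternate data stream named `Zone.Identifier`, and a `ZoneId` of 3 (Internet) or 4 (Restricted Sites) is what triggers the Office Protected View and SmartScreen warnings. A document or script type in a downloads folder with no such stream is worth a closer look, since that is exactly the state an MOTW bypass leaves behind. The function names `Get-MotwState` and `Set-MotwInternet`, the `-Path`, `-RiskyExtensions` and `-LiteralPath` parameters, and the extension list are this example's own choices.

```powershell
# Added example (not from the article or Kaspersky): report the Mark-of-the-Web
# state of files under a folder and flag risky file types that lack it.
# Requires Windows and an NTFS volume; Get-Content -Stream reads the ADS.

function Get-MotwState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # File types that Windows would normally warn about when downloaded
        # (Office documents, shortcuts, container images, scripts, installers).
        [string[]]$RiskyExtensions = @('.doc', '.docx', '.docm', '.xls', '.xlsm',
                                       '.lnk', '.vhd', '.iso', '.js', '.vbs', '.bat', '.exe')
    )

    Get-ChildItem -Path $Path -File -Recurse | ForEach-Object {
        $file      = $_
        $zoneId    = $null
        $hostUrl   = $null
        $hasStream = $false

        try {
            # Get-Content throws when the Zone.Identifier stream is absent.
            $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction Stop
            $hasStream = $true
            foreach ($line in $ads) {
                if ($line -match '^ZoneId=(\d+)$')     { $zoneId  = [int]$Matches[1] }
                elseif ($line -match '^HostUrl=(.+)$') { $hostUrl = $Matches[1] }
            }
        } catch {
            # No stream: file was created locally, copied from a non-NTFS volume,
            # extracted from a container that does not propagate MOTW, or had
            # the stream removed. $hasStream stays $false.
        }

        $isRisky = $RiskyExtensions -contains $file.Extension.ToLower()

        [pscustomobject]@{
            Path       = $file.FullName
            Extension  = $file.Extension
            HasMotw    = $hasStream
            ZoneId     = $zoneId
            HostUrl    = $hostUrl
            # A risky type with no stream, or a zone below Internet (3), is flagged.
            Suspicious = $isRisky -and ((-not $hasStream) -or ($zoneId -lt 3))
        }
    }
}

# Re-apply the Internet-zone mark to a file so the Protected View and
# SmartScreen warnings are shown again the next time it is opened.
function Set-MotwInternet {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $content = "[ZoneTransfer]`r`nZoneId=3"
    Set-Content -LiteralPath $LiteralPath -Stream Zone.Identifier -Value $content
}

# Usage: list flagged files in the current user's Downloads folder.
Get-MotwState -Path "$env:USERPROFILE\Downloads" |
    Where-Object Suspicious |
    Format-Table Path, Extension, HasMotw, ZoneId -AutoSize
```

Run it from an elevated or normal PowerShell session on the machine being checked; `Get-MotwState` only reads, so it is safe to point at user profile folders during triage. `Set-MotwInternet` is the inverse of the built-in `Unblock-File` cmdlet and is useful after pulling a suspicious attachment out of a container format for analysis, so that the normal warnings apply when someone opens it.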

BlueNoroff Threat Actor

Kaspersky researchers coined the name “BlueNoroff” in 2016 while investigating the infamous attack on the Bangladesh Central Bank. It was one of several North Korean cyber threats listed in an April advisory issued by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA).

BlueNoroff, a subset of the larger Lazarus group, focuses on companies working in blockchain, smart contracts, DeFi and FinTech. It does so using sophisticated malicious tooling.

In January 2022, Kaspersky analysts reported on a series of BlueNoroff attacks on cryptocurrency businesses around the world, after which activity paused for a while. According to Kaspersky’s telemetry, the threat actor returned this autumn with far more sophistication and activity than before.

North Korean Hackers

According to Kaspersky, one victim was a UAE citizen working in a sales department and responsible for signing contracts, who was compromised by BlueNoroff after downloading a Word document called “Shamjit Client Details Form.doc.” The document let the attackers connect to his computer and extract data while they attempted to run further, more powerful malware.

According to reports, North Korean hackers have stolen 1.5 trillion won ($1.2 billion) in digital assets since 2017. More than half of that total, nearly 800 billion won ($626 million), was taken this year.

The National Intelligence Service, South Korea’s top spy agency, says North Korea uses the stolen crypto assets to fund its weak economy and its nuclear program.

How to Safeguard Businesses

To protect organizations, Kaspersky recommends the following measures:

  • Give your employees a crash course in good cyber-security practices, and test their ability to identify phishing emails by simulating a phishing attack.
  • Perform a cyber-security audit on your networks, then address any vulnerabilities on the network’s perimeter or within the network.
  • For effective defense against known and unknown threats, use a reputable endpoint security product with behavior-based detection and anomaly management features, such as Kaspersky Endpoint Security for Business.
  • To quickly identify and eliminate even the most elusive and novel threats, use a focused suite of cyber-security technologies for efficient endpoint protection, threat detection, and response.
  • The Kaspersky Optimum Framework includes the necessary set of endpoint security features equipped with EDR and MDR.
