• North Korean state-sponsored hacking group BlueNoroff is now impersonating venture capitalists in a new phishing scam.
• The group has created more than 70 fake domains to pose as venture capital firms and banks.
• Kaspersky has reported that BlueNoroff delivers its malware in ways that evade Mark-of-the-Web (MOTW) protections, and that once a machine is compromised the group hijacks outgoing cryptocurrency transfers.
North Korean state-sponsored hacking group BlueNoroff has recently been identified as the source of a new phishing campaign. According to a report from the cybersecurity firm Kaspersky, BlueNoroff has registered more than 70 fake domains that pose as venture capital firms and banks. These fake VCs have been specifically targeting the cryptocurrency industry, with a particular focus on smart contract, DeFi, blockchain and FinTech startups.
BlueNoroff's intrusions are helped by malware delivery that sidesteps Mark-of-the-Web (MOTW). MOTW is a Windows feature: when a file is downloaded from the Internet, the browser or mail client tags it with a Zone.Identifier alternate data stream, and SmartScreen and Office Protected View use that tag to warn the user or open the file in a restricted mode. Kaspersky observed BlueNoroff shipping its payloads inside disk-image containers (.iso and .vhd files); the container is tagged, but the files inside it are not, so the warnings never fire. The MOTW bypass only buys the initial foothold. Once a machine is compromised, the group's malware watches for large cryptocurrency transfers and swaps in an attacker-controlled recipient address at signing time, so a victim who believes they are paying a legitimate counterparty drains their own account in a single transaction.
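The following is an added example, not code from Kaspersky or from the article, showing the mechanism behind the MOTW point above. It parses the Zone.Identifier stream Windows writes to downloaded files (the `[ZoneTransfer]` / `ZoneId=` format and the zone numbers are documented Windows behaviour) and flags the gap the actor relies on: a container such as a .iso or .vhd that carries the Internet zone mark while the files found inside it carry none. The file names, stream contents and `FileRecord`/`triage` helpers are constructed for illustration; `read_zone_identifier` only returns data on an NTFS volume under Windows and returns None elsewhere.

```python
"""Mark-of-the-Web triage: parse Zone.Identifier streams and spot untagged
payloads that arrived inside a tagged disk image.

Added example, not code from Kaspersky or the article. Sample records below
are constructed.
"""
import configparser
from dataclasses import dataclass
from typing import Optional

# Windows URL security zones as stored in ZoneId= (documented values).
ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites",
              3: "Internet", 4: "RestrictedSites"}

# Container formats whose contents Windows mounts without copying the
# outer file's Zone.Identifier stream onto the inner files (assumed list).
CONTAINER_EXTS = (".iso", ".vhd", ".vhdx", ".img")


def parse_zone_identifier(stream: Optional[str]) -> Optional[int]:
    """Return the ZoneId from a Zone.Identifier stream, or None if absent or malformed."""
    if not stream:
        return None
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(stream.replace("\r\n", "\n"))
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the NTFS alternate data stream on Windows; None if unmarked or unsupported."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


def is_marked_internet(stream: Optional[str]) -> bool:
    """True when the stream says the file came from the Internet or Restricted zone."""
    zone = parse_zone_identifier(stream)
    return zone is not None and zone >= 3


@dataclass
class FileRecord:
    name: str
    zone_stream: Optional[str]        # raw Zone.Identifier contents, or None
    came_from: Optional[str] = None   # container this file was extracted/mounted from


def triage(files: list[FileRecord]) -> dict[str, str]:
    """Classify each file as 'marked', 'local', or 'bypass'.

    'bypass' means the file carries no mark but was pulled out of a
    container that does, i.e. SmartScreen/Protected View will not apply.
    """
    by_name = {f.name: f for f in files}
    verdicts: dict[str, str] = {}
    for f in files:
        if is_marked_internet(f.zone_stream):
            verdicts[f.name] = "marked"
            continue
        parent = by_name.get(f.came_from) if f.came_from else None
        if (parent is not None
                and parent.name.lower().endswith(CONTAINER_EXTS)
                and is_marked_internet(parent.zone_stream)):
            verdicts[f.name] = "bypass"
        else:
            verdicts[f.name] = "local"
    return verdicts


# Constructed sample: a downloaded .vhd plus the files found inside it.
SAMPLE = [
    FileRecord("funding-round-overview.vhd",
               "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/overview.vhd\r\n"),
    FileRecord("overview.pdf.lnk", None, came_from="funding-round-overview.vhd"),
    FileRecord("notes.txt", None),
    FileRecord("term-sheet.docx", "[ZoneTransfer]\r\nZoneId=3\r\n"),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:7} {name}")
```

On a real host you would build the `FileRecord` list by calling `read_zone_identifier` on each file and recording which mounted image it came from; the 'bypass' verdict is the condition a detection rule or an EDR policy should treat as equivalent to an Internet-zone file. Whether Windows itself propagates the mark into mounted images varies by build, so treat the contents of any downloaded .iso or .vhd as untrusted regardless.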
Kaspersky also emphasized that BlueNoroff, which the company has tracked since 2016, continues to rely on spear-phishing to get its first foothold in targeted companies. This involves sending emails with malicious attachments, among them a Word document named “Shamjit Client Details Form.doc” which Kaspersky says was used to compromise a machine in the UAE and exfiltrate information from it.
In light of the new findings, Kaspersky recommends that companies and users in the cryptocurrency industry ensure that they are taking the necessary steps to protect themselves from such threats. This includes keeping anti-virus and endpoint protection up to date, enforcing two-factor authentication, and regularly monitoring accounts for unusual activity. Users should also be wary of phishing emails and not open attachments or links from unverified senders; disk images such as .iso and .vhd attachments deserve particular suspicion, since their contents may open without the usual download warnings. Before signing any large transfer, confirm the recipient address out of band rather than trusting what the wallet displays.
BlueNoroff’s new phishing scam is a reminder that the cryptocurrency industry is still vulnerable to malicious actors, and that users must remain vigilant in order to protect their digital assets. By taking the necessary precautions and remaining aware of the latest threats, users can help to ensure that their accounts and funds remain secure.