Tuesday 31 January 2023
Home / none / North Korean hackers are pretending to be crypto VCs in new phishing scheme — Kaspersky

North Korean hackers are pretending to be crypto VCs in new phishing scheme — Kaspersky

BlueNoroff, part of the North Korean state-sponsored Lazarus Group, has renewed its targeting of venture capital firms, crypto startups and banks. Cybersecurity lab Kaspersky reported that the group has shown a spike in activity after a lull for most of the year and is testing new delivery methods for its malware.

BlueNoroff has created more than 70 fake domains that mimic venture capital firms and banks. Most of the fakes presented themselves as well-known Japanese companies, but some also assumed the identity of United States and Vietnamese companies.

The group has been experimenting with new file types and other malware delivery methods, according to the report. Once in place, its malware evades Windows Mark-of-the-Web security warnings about downloading content and then goes on to “intercept large cryptocurrency transfers, changing the recipient’s address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction.”

Related: North Korea’s Lazarus behind years of crypto hacks in Japan — Police

According to Kaspersky, the problem with threat actors is worsening. Researcher Seongsu Park said in a statement:

“The coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has been never seen before. […] On the threshold of new malicious campaigns, businesses must be more secure than ever.”

The BlueNoroff subgroup of Lazarus was first identified after it attacked the Bangladeshi central bank in 2016. It was among a group of North Korean cyber threats the U.S. Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation mentioned in an alert issued in April.

North Korean threat actors associated with the Lazarus Group have been spotted attempting to steal nonfungible tokens in recent weeks as well. The group was responsible for the $600-million Ronin Bridge exploit in March.

Original Article

About Jude Savage

Check Also

Solana price rally risks exhaustion after SOL’s 120% pump in two weeks

Solana (SOL) price is up an impressive 60% since the new year, partially boosted by hype surrounding meme cryptocurrency Bonk (BONK). However, the SOL/USD pair now shows signs of exhaustion, raising anticipations that the token may see a short-term correction in the coming days. Solana turns overboughtSolana is one of the best performing cryptocurrencies so far in 2023 after being one of the biggest losers in 2022. On Jan. 9, SOL's price jumped to as high as $19.50, or around 120% gains in a recovery rally after sliding below $8 on Dec. 29, 2022. But the price spik also turned Solana into an overbought asset, per its daily relative strength index (RSI) reading above 70, as shown below. SOL/USD daily price chart. Source: TradingViewTraditional investors typically see an overbought RSI as a potential sell signal, given the indicator has historically coincided with a period of buyer exhaustion. As a result, SOL's price could enter a correction or a sideways consolidation stag..

Leave a Reply

Your email address will not be published. Required fields are marked *