North Korean hackers – Lazarus tests a new phishing technique

2022-12-31 17:12:48

The Lazarus hacker group had a "bumper harvest" in 2022, claiming many trophies under the names of Japanese, American and Vietnamese companies.

According to the latest intelligence, BlueNoroff, part of the North Korean state-backed Lazarus Group, has turned its sights on venture capital (VC) firms, crypto startups, and banks. Kaspersky’s cybersecurity department says the criminal group has grown steadily over the past year and is renewing its attack path for 2023.

BlueNoroff has created more than 70 domain names impersonating investment companies and banks, most of them masquerading as large Japanese, US and Vietnamese organizations.

Tweet: https://twitter.com/PentestingN/status/1607696299649896448

Specifically, the group tested new file types and malware installation methods. This malware avoids the Windows Mark-of-the-Web warnings shown whenever a user downloads content, then goes on to block large crypto transfers, change recipient addresses, and even adjust the withdrawal limit, ultimately draining the victim's account in a single transaction.

Kaspersky researcher Seongsu Park said:

“Next year will be the year of a cyber epidemic with unprecedented consequences. On the heels of new malicious campaigns, businesses need to be more vigilant than ever.”

Lazarus' BlueNoroff team was first discovered after the Bangladesh central bank attack in 2016. It is a North Korean threat that the US Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have warned about repeatedly.

In April, the US Government accused this notorious hacker group of being behind the attack on Axie Infinity's Ronin Bridge or Horizon Bridge. According to Chainalysis, North Korea stole around $400 million in cryptocurrency through cyberattacks in 2021, an increase of nearly 40% from 2020. The illicit funds, linked to multiple hacking groups tied to the Pyongyang government, were mainly in Ethereum (58%), Bitcoin (20%), and other tokens (22%).


