BlueNoroff, a subgroup of the North Korean state-sponsored hacking group Lazarus, is now impersonating venture capitalists looking to invest in crypto startups as part of a new phishing method.
According to a new report from the cybersecurity firm Kaspersky, BlueNoroff has created more than 70 fake domains that pose as venture capital firms and banks. The majority of the fake VCs presented themselves as well-known Japanese companies, while others assumed the identity of US and Vietnamese companies.
These fake VCs then target cryptocurrency startups that deal with smart contracts, DeFi, blockchain, and the FinTech industry, using new malware delivery methods.
Kaspersky says BlueNoroff is also using software to bypass Mark-of-the-Web (MOTW), the Windows mechanism that causes a warning message to pop up when a user tries to open a file downloaded from the Internet. In a press release, the company detailed:
“The attackers have used phishing techniques to try to infect targeted companies and then intercept large cryptocurrency transfers, changing the recipient’s address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction.”
The BlueNoroff name was first coined by Kaspersky back in 2016 when its researchers were investigating the notorious attack on Bangladesh’s Central Bank.
Kaspersky noted that a UAE…
