On December 27, Kaspersky Lab reported that the North Korean hacking group “BlueNoroff” had created more than 70 fictitious domains and impersonated banks and venture capital firms in order to steal millions of dollars in cryptocurrencies.
The investigation revealed that most of the domains imitated Japanese venture capital firms, indicating a keen interest in user and business data in that nation.
“We investigated the infrastructure that was utilized and found that this group used more than 70 domains, indicating that they were very active up until recently. They also produced a large number of fake domains that mimicked those of banks and venture capital firms.”
The BlueNoroff Group Perfected Its Infection Techniques
Until a few months ago, the BlueNoroff group delivered its malware through Word documents. It has recently refined its methods by developing a new Windows batch file that widens the range and mode of execution of its malware.
These new .bat files circumvent Windows Mark-of-the-Web (MOTW), a hidden mark affixed to files downloaded from the Internet that warns users before they run files from dubious sources.
After a thorough investigation, Kaspersky confirmed in late September that the BlueNoroff group had started using .iso and .vhd disk image files, in addition to the new scripts, to spread its malware.
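A defender-side check for the two evasion paths described above, as an added example that is not part of Kaspersky's report: it lists downloaded files with the extensions this campaign relied on (.bat scripts and .iso/.vhd images) and shows whether each still carries the MOTW zone marker. The folder path, the extension list and the helper name are assumptions.

```powershell
# Added example (not from the Kaspersky report): audit a download folder for
# batch scripts and disk images, reporting the MOTW ZoneId stored in each
# file's Zone.Identifier alternate data stream. Assumes an NTFS volume.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads"   # assumed path
)

# Extensions tied to the evasion techniques discussed on this page (assumed list).
$WatchedExtensions = @('.bat', '.cmd', '.iso', '.vhd', '.vhdx')

function Get-ZoneId {
    param([string]$Path)
    # Zone.Identifier holds lines such as "ZoneId=3" (3 = Internet zone).
    $lines = Get-Content -Path $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $lines) { return $null }          # no stream: file carries no MOTW
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

$findings = foreach ($file in Get-ChildItem -Path $Folder -File -Recurse) {
    $ext = $file.Extension.ToLowerInvariant()
    if ($WatchedExtensions -notcontains $ext) { continue }

    $zone = Get-ZoneId -Path $file.FullName
    $zoneText = if ($null -eq $zone) { 'none' } else { "$zone" }

    # Disk images keep their own MOTW, but files extracted from a mounted
    # image do not inherit it; batch scripts were reported to run past MOTW.
    $note = if ($ext -in '.iso', '.vhd', '.vhdx') {
        'Disk image: extracted contents will not carry the mark'
    } else {
        'Batch script: reported to sidestep MOTW checks'
    }

    [pscustomobject]@{
        File   = $file.FullName
        ZoneId = $zoneText
        Note   = $note
    }
}

$findings | Sort-Object ZoneId -Descending | Format-Table -AutoSize
```

Files that show ZoneId 3 are confirmed Internet downloads; treat any mounted image's contents as if they had the same zone, since the mark stops at the container.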
A user in the United Arab Emirates was a victim of the BlueNoroff group, according to Kaspersky, after downloading a Word document called “Shamjit Client Details Form.doc,” which gave the hackers access to his computer and allowed them to steal information while attempting to run more dangerous malware.
Once the hackers had gained access to the computer, several commands were issued to gather basic system information, after which the malware did not spread further. “They attempted to fingerprint the victim and install additional malware with high privileges,” according to the report.
Hacking Techniques Become More Dangerous
Whether you believe it or not, North Korea reportedly leads the world in cryptocurrency crime. According to reports, North Korean hackers had stolen cryptocurrency valued at over $1 billion by May 2022. Lazarus, its largest group, has been identified as the organization behind significant phishing attacks and malware distribution methods.
Lazarus, the North Korean group that is one of the largest hacking groups in the world, raised enough money from the theft of more than 620 million dollars from Axie Infinity to significantly improve its software. It did this by using the domain bloxholder.com as a front to steal the private keys of many of its “customers.”
According to Microsoft, over the past few years, attacks have increased against cryptocurrency organizations in an effort to reap greater rewards, making them more sophisticated than before.
One of the newest strategies hackers employ through Telegram groups is to send infected files disguised as Excel tables of exchange fee structures as the hook.
Once the victims open the files, they download a number of tools that give the hackers remote access to the compromised computer or mobile device.