A North Korean hacking group is stealing millions by posing as Japanese venture capital firms and banks


On December 27 this year, Kaspersky Lab reported that North Korean hacking group BlueNoroff stole millions of dollars in cryptocurrencies after creating more than 70 fake domains and impersonating banks and venture capital firms. 

 According to the study, most of the domains mimicked Japanese venture capital firms, indicating a strong interest in the country's user and business data. 

"After investigating the infrastructure used, we found more than 70 domains used by this group, which means that they were very active until recently. In addition, they created many fake domains that look like venture capital and banking domains."

The BlueNoroff group improved their infection techniques

 A few months ago, the BlueNoroff group used Word documents to inject malware, but they recently improved their techniques and created a new Windows batch file that allows them to expand the scope and execution of their malware. 

These new .bat files bypass Windows' Mark-of-the-Web (MOTW) protection. MOTW is a hidden marker that Windows attaches to files downloaded from the Internet so that the system can treat files from untrusted sources with extra caution.

After an in-depth investigation at the end of September, Kaspersky confirmed that, in addition to using new scripts, the BlueNoroff group started using .iso and .vhd disk image files to distribute its malware.
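As an added example (not code from the Kaspersky report or from this article), the following Python triage helper shows how a defender can read a downloaded file's Zone.Identifier stream, parse the MOTW zone it records, and flag batch files that carry no mark or disk images whose contents will not inherit one when mounted. The sample stream text, the file names and the read_motw/assess helpers are constructed for illustration.

```python
import configparser
from pathlib import Path

# Windows URL security zone IDs as written into the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Disk images: files inside a mounted image carry no MOTW of their own.
CONTAINER_EXT = {".iso", ".vhd", ".vhdx", ".img"}
# Script-like extensions that Windows executes directly.
SCRIPT_EXT = {".bat", ".cmd", ".lnk", ".vbs", ".js"}

# Constructed sample of a Zone.Identifier stream for a file fetched from the Internet zone.
SAMPLE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                 "ReferrerUrl=https://example.invalid/vc-portal\r\n"
                 "HostUrl=https://example.invalid/Client_Details.bat\r\n")

def parse_zone_identifier(stream_text):
    """Parse Zone.Identifier text (INI-style) into zone_id, referrer and host."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(stream_text)
    if not cp.has_section("ZoneTransfer"):
        return {"zone_id": None, "referrer": None, "host": None}
    sec = cp["ZoneTransfer"]
    zid = sec.get("ZoneId")
    return {"zone_id": int(zid) if zid is not None and zid.isdigit() else None,
            "referrer": sec.get("ReferrerUrl"), "host": sec.get("HostUrl")}

def read_motw(path):
    """Read a file's Zone.Identifier alternate data stream (NTFS on Windows only).
    Returns None when the stream or the ADS syntax is unavailable."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None

def assess(filename, stream_text):
    """Triage verdict for a download given its Zone.Identifier text (or None if absent)."""
    ext = Path(filename).suffix.lower()
    info = parse_zone_identifier(stream_text) if stream_text else {"zone_id": None}
    zone = info["zone_id"]
    if ext in CONTAINER_EXT:
        return "review: disk image; files inside it will not carry MOTW when mounted"
    if ext in SCRIPT_EXT and zone is None:
        return "review: script with no MOTW mark (stripped, or extracted from an image)"
    if ext in SCRIPT_EXT and zone in (3, 4):
        return f"block: script from {ZONES[zone]} zone ({info.get('host') or 'unknown host'})"
    return "allow" if zone in (None, 0, 1, 2) else f"review: {ZONES.get(zone, zone)} zone"
```

On a Windows host, `assess(p, read_motw(p))` gives the verdict for a real file; on other systems `read_motw` returns None and only the parsing and policy logic apply.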

Kaspersky also discovered that a user in the United Arab Emirates fell victim to the BlueNoroff group after downloading a Word document called "Shamjit Client Details Form.doc". The document let the hackers connect to the computer at startup, gather information and then fetch even more powerful malware.

 After the hackers logged into the computer, they "attempted to fingerprint the victim and install advanced malware," but the victim issued several commands to gather basic system information, which prevented the malware from spreading further. 

 Hacking Techniques Are More Dangerous 
Believe it or not, North Korea is said to lead the world in crypto crime. According to reports, North Korean hackers had managed to steal billions of dollars' worth of crypto assets by May 2022. Its largest group, Lazarus, is responsible for major phishing attacks and malware distribution techniques.
After stealing more than 620 million dollars from Axie Infinity, the North Korean hacking group Lazarus, one of the biggest hacking groups in the world, raised enough money to improve their software to the point where they created an advanced cryptocurrency application under the bloxholder.com domain, which is used as a front to steal the private keys of many of their "customers".

 As reported by Microsoft, attacks against cryptocurrencies for higher rewards have increased in recent years, making attacks more sophisticated than before. 
One of the latest techniques used by hackers in Telegram groups is to send infected files disguised as Excel spreadsheets, using a lure that claims to contain exchange payment structures.

 When victims open the files, they download a set of programs that allow the hacker to remotely access the infected device, be it a mobile device or a computer.

Source: cryptopotato

