
Crypto Reporter

Online magazine about cryptocurrencies, NFTs, DeFi, GameFi and other blockchain technologies


Kaspersky finds BlueNoroff APT actor disguised itself as VC firms to deliver new malware

December 27, 2022 By GlobeNewswire

Woburn, MA, Dec. 27, 2022 (GLOBE NEWSWIRE) -- Kaspersky researchers have discovered that the infamous Advanced Persistent Threat (APT) actor BlueNoroff recently added sophisticated new malware strains to its arsenal. BlueNoroff is known as a threat actor that targets the cryptocurrency of financial entities around the world, specifically aiming at venture capital firms, crypto startups, and banks. Now, the BlueNoroff actor is experimenting with new file types to convey its malware more efficiently and has created more than 70 fake domains of venture capital firms and banks to lure startup employees into a trap.

BlueNoroff is part of the larger Lazarus group and uses its sophisticated malicious technologies to attack organizations that, by the nature of their work, deal with smart contracts, DeFi, Blockchain, and the FinTech industry. In January 2022, Kaspersky experts reported on a series of attacks detected on cryptocurrency startups worldwide, conducted by BlueNoroff, but afterwards there was a lull. However, based on Kaspersky’s telemetry, this autumn, the threat actor returned to attack, even more sophisticated and active than ever before.

According to the researchers, the attackers have used phishing techniques to try to infect targeted companies and then intercept large cryptocurrency transfers, changing the recipient's address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction.

Kaspersky experts believe that the attackers are currently actively testing new malware delivery methods, for example, using previously unused file types such as a new Visual Basic Script, an unseen Windows Batch file, and a Windows executable to infect the victim.

BlueNoroff has also deployed new strategies to increase its efficiency in circumventing Windows security measures. Recently, many threat actors have started using image files to avoid Mark-of-the-Web (MOTW). In a nutshell, the MOTW flag is a security measure whereby Windows issues a warning message, offering to open a file in “Protected view,” when a user tries to open a file downloaded from the Internet. To avoid this mitigation technique, an increasing number of threat actors have started to exploit ISO file types (digital copies of regular CD disks used for distribution of software or media content). BlueNoroff has adopted this technique.
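A defender-side triage of the Mark-of-the-Web data described above, as an added example that is not part of the original release or of Kaspersky's tooling. It parses the text of a file's `Zone.Identifier` stream and flags disk images that arrived from the Internet, plus script and executable files that carry no mark at all; the file records are constructed sample data and the extension lists are assumptions.

```python
import configparser
from pathlib import PureWindowsPath

# Assumed extension lists for this example; tune to your environment.
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx"}
SCRIPT_EXTS = {".vbs", ".bat", ".exe"}   # file types named in the article
INTERNET_ZONES = {3, 4}                  # 3 = Internet, 4 = Restricted sites


def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent/invalid."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text.replace("\r\n", "\n"))
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def triage(records):
    """records: iterable of (path, Zone.Identifier text or None). Returns findings."""
    findings = []
    for path, stream in records:
        ext = PureWindowsPath(path).suffix.lower()
        zone = parse_zone_identifier(stream) if stream else None
        if ext in CONTAINER_EXTS and zone in INTERNET_ZONES:
            # Files opened from inside a mounted image may carry no mark of
            # their own, so the image itself is the thing to review.
            findings.append((path, "internet-sourced disk image"))
        elif ext in SCRIPT_EXTS and zone is None:
            # Low confidence alone; correlate with recent image mounts.
            findings.append((path, "script/executable without MOTW"))
    return findings


# Constructed sample inventory (not real telemetry).
SAMPLE = [
    (r"C:\Users\a\Downloads\pitch_deck.iso",
     "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/pitch_deck.iso\n"),
    (r"E:\presentation.vbs", None),
    (r"C:\Users\a\Downloads\report.pdf", "[ZoneTransfer]\nZoneId=3\n"),
    (r"C:\Tools\backup.iso", None),
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

On an NTFS volume the stream text can be read by opening `<path>:Zone.Identifier` as a file.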

The threat actor is increasing the power of its attacks every day. In October 2022, Kaspersky researchers observed 70 fake domains mimicking well-known venture capital firms and banks. Most of the domains imitate Japanese firms, like Beyond Next Ventures, Mizuho Financial Group, and others. This indicates that this group has extensive interest in Japanese financial entities. According to Kaspersky telemetry, the actor also targets UAE organizations and disguises itself as US and Vietnamese companies.

“As per our forecast in recent APT predictions for 2023, the coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has been never seen before,” said Seongsu Park, lead security researcher at Kaspersky’s Global Research and Analysis Team (GReAT). “They will resemble the infamous WannaCry in their technological superiority and effect. Our findings in the BlueNoroff experiments prove that cybercriminals are not standing still and are constantly testing and analyzing new and more sophisticated tools of attack. On the threshold of new malicious campaigns, businesses must be more secure than ever: train your employees in the basics of cybersecurity and use a trusted security solution on all corporate devices.”

Read more about BlueNoroff in the full report on Securelist.

For organizations’ protection, Kaspersky suggests the following:

  • Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that they know how to identify phishing emails.
  • Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
  • Choose a proven endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.
  • Use a dedicated set of cybersecurity solutions for effective endpoint protection, threat detection and response products to detect and remediate even new and evasive threats in a timely fashion. Kaspersky Optimum Framework includes the essential set of endpoint protection empowered with EDR and MDR.

 

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media Contact

Sawyer Van Horn

sawyer.vanhorn@Kaspersky.com

(781) 503-1866

 

 

Attachments

  • ISO image file used to deliver malware
  • Fake VC document