Cryptocurrency startups fall victim to the North Korean hacker group BlueNoroff

According to a report by cybersecurity firm Kaspersky, BlueNoroff, a group of North Korean hackers, is currently primarily targeting crypto startups.

BlueNoroff only targets cryptocurrency startups

BlueNoroff has ties to the high-tech criminal group Lazarus, which is known to have had close ties with North Korea in the past. The group initially targeted banks and the SWIFT payment network, starting with the attack on the central bank of Bangladesh in 2016.

But now BlueNoroff has shifted its focus to crypto companies rather than traditional banks, Kaspersky said.

According to the report, the group starts every attack by “tracking and researching successful crypto startups through lengthy phishing campaigns with emails and chat conversations”.

BlueNoroff has posed as several crypto companies, including Cardano’s trading arm Emurgo and the New York-based VC firm Digital Currency Group. It has also posed as Beenos, Coinsquad, Decrypt Capital, and Coinbig.

These companies were not compromised in the attacks, notes Kaspersky.

Hackers use backdoor

After gaining the trust of the target startup and its members, the hacking group asks the company to install a modified software update that contains a backdoor, giving the attackers deep access to the network.

The group then uses the backdoor to collect credentials and log the user’s keystrokes. Kaspersky says the attackers may monitor user activity for “weeks or months”.

BlueNoroff typically takes advantage of CVE-2017-0199 in Microsoft Office, which enables the execution of Visual Basic scripts from Word documents. The group also replaces browser wallet add-ons such as MetaMask with malicious versions.

These strategies allow the hackers to steal company funds as well as to “build a huge surveillance infrastructure” that notifies them of large transactions.
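The two behaviours described above, an Office document launching a script host and a wallet extension being overwritten by something other than the browser, are both visible in ordinary endpoint telemetry. The following is an added example, not code from the article or from Kaspersky's report: a small triage filter over constructed, Sysmon-style process-creation and file-write events. The event field names, the sample paths and the extension ID are assumptions made up for the example.

```python
"""Added example: flag (a) an Office application spawning a script host, the
document-to-script chain behind CVE-2017-0199 abuse, and (b) a non-browser
process writing into a browser extension directory, i.e. a replaced wallet
add-on. Event schema and sample events are constructed, not real telemetry."""
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
# Chromium-family extensions live under "<profile>\User Data\<Profile>\Extensions\".
EXT_DIR = re.compile(r"[\\/]User Data[\\/][^\\/]+[\\/]Extensions[\\/]", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(events):
    """Return (rule_name, event_id) pairs for every event matching either rule."""
    hits = []
    for ev in events:
        if ev["type"] == "process_create":
            parent, child = basename(ev["parent_image"]), basename(ev["image"])
            if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
                hits.append(("office_spawns_script_host", ev["id"]))
        elif ev["type"] == "file_write":
            if EXT_DIR.search(ev["target"]) and basename(ev["image"]) not in BROWSERS:
                hits.append(("extension_dir_write_by_non_browser", ev["id"]))
    return hits


# Constructed sample events: 1 and 3 are benign, 2 and 4 match the rules.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"id": 2, "type": "process_create",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\wscript.exe"},
    {"id": 3, "type": "file_write", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\constructedextid\manifest.json"},
    {"id": 4, "type": "file_write", "image": r"C:\Users\dev\AppData\Local\Temp\update.exe",
     "target": r"C:\Users\dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\constructedextid\background.js"},
]

if __name__ == "__main__":
    for rule, event_id in triage(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```

Browser auto-updates also write into the extension directory, so in practice the second rule needs an allow-list for the browser's own updater process in addition to the browser binaries.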

Billions of dollars have been stolen

Kaspersky did not say how much money was stolen as a result of these attacks. However, Kaspersky’s Costin Raiu previously identified bZx as one of the targets of the BlueNoroff SnatchCrypto campaign; in November 2021, $55 million was stolen from it.

The US Treasury Department has also disclosed that BlueNoroff, along with Lazarus and other groups, stole cryptocurrency worth $571 million from five exchanges between January 2017 and September 2018. BlueNoroff also stole more than $1.1 billion from financial institutions in 2018.

Analytics company Chainalysis also estimates that North Korean hackers stole $400 million in 2021. However, that report only mentions Lazarus in general and does not specifically name BlueNoroff.
