North Korean Hackers Impersonate VCs to Steal Crypto

  • North Korean hackers are stealing crypto by impersonating Japanese venture capitalists and banks.
  • The gang has been exploring new file formats and other malware delivery techniques.
  • North Korea is at the forefront of crypto crimes globally.

A recent Kaspersky Labs report claims that the North Korean hacking group “BlueNoroff” stole millions of dollars by creating over seventy bogus domain names and passing them off as banks and venture capital firms.

Experts say that the majority of the fake domains impersonated well-known Japanese businesses, although some also posed as American and Vietnamese businesses.

According to this research, the gang has been exploring new file formats and other malware delivery techniques. Once installed, the malware bypasses Windows Mark-of-the-Web download security warnings and goes on to intercept large cryptocurrency transactions. It changes the recipient’s address and raises the transfer amount over the threshold, so the account may be drained in a single transaction.

On the same note, Kaspersky conducted a comprehensive investigation into the BlueNoroff gang in late September, which confirmed their use of .iso and .vhd disk image files to disseminate malware, in addition to their use of new scripts.

As per Kaspersky’s research, a user in the United Arab Emirates was infected by the BlueNoroff collective after downloading a Word document titled “Shamjit Client Details Form.doc,” which allowed the hackers to remotely connect to the user’s computer and obtain information while attempting to execute even more malicious software.

Additionally, it has been reported that North Korea is at the forefront of crypto crime globally. From May 2022 up until now, North Korean hackers have reportedly stolen over $1 billion worth of cryptocurrency. Lazarus, a bigger organization, has also been linked to several high-profile phishing scams and malware distribution campaigns.
