Lazarus is targeting bitcoin startups

Cryptocurrency startups around the world are falling prey to the cyber group BlueNoroff, which steals their digital assets. This was reported to ForkLog by experts at Kaspersky Lab.

According to them, BlueNoroff sends out emails that purport to come from existing venture capital firms, as bait to get the victim to open the email attachment, a macro-enabled document.

Researchers found that the hackers misused the trademarks and employee names of more than 15 venture capital organizations. Experts believe the real companies had nothing to do with the attacks or the emails.

"If a device is not connected to the Internet, a macro-enabled document is not dangerous. Otherwise, it will download another document to the victim's device, deploying malware," Kaspersky Lab explained.

In addition to infected Word documents, the attackers distribute malware in archive files that contain Windows shortcuts. These allow a fully functional backdoor to be created later. BlueNoroff uses keyloggers and screenshot software to monitor the victim.

"Once they find a suitable potential victim who uses a popular browser extension to manage cryptocurrencies such as Metamask, they spoof it with a fake version," the researchers specified.

The attackers also receive notifications of large transfers and intercept the transaction at the time of execution, changing the recipient's address and increasing the transfer amount to the maximum.

BlueNoroff is part of the North Korean group Lazarus and uses its diversified structure and advanced technology to attack users in different countries.

To protect against hackers, Kaspersky Lab specialists recommend conducting regular audits of networks, using the latest solutions to defend against sophisticated attacks, and teaching employees the basics of cybersecurity.

Recall that, according to Chainalysis, hackers from the DPRK stole $400 million in cryptocurrencies in 2021.