On December 27, cybersecurity firm Kaspersky Lab announced that the North Korean hacking group BlueNoroff had successfully stolen millions of dollars in cryptocurrencies. The group, which has been active for several years, was able to carry out this cybercrime by creating more than 70 fake domains that impersonated banks and venture capital firms.
According to Kaspersky Lab’s investigation, most of these fake domains mimicked Japanese venture capital firms, indicating a strong interest in obtaining user and company data from that country. This marks the latest in a series of attacks by BlueNoroff, which has previously targeted financial institutions and cryptocurrency exchanges worldwide.
The BlueNoroff group has recently made strides in improving its malware injection techniques. Previously, they had relied on Word documents to deliver their malware, but they have now turned to creating Windows Batch files. These .bat files allow the group to expand the reach and execution of their malware, and they can bypass Windows’ Mark-of-the-Web (MOTW) security measures designed to protect users from downloading untrusted files.
According to Kaspersky’s investigation, the BlueNoroff group has also started using .iso and .vhd disk image files to distribute viruses. These new tactics were discovered in late September, demonstrating the group’s ongoing efforts to evolve and evade detection. Users need to remain vigilant and protect themselves by only downloading files from trusted sources and regularly updating their security software.
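A defender can triage downloaded files by the delivery types named above and by whether they carry a Mark-of-the-Web. The following Python sketch is an added example, not code from Kaspersky or from this article; the severity levels, function names and sample inventory are assumptions made for illustration.

```python
import configparser
from pathlib import PurePath

# Delivery file types named in the article; the severity levels below are
# assumptions made for this example, not Kaspersky's guidance.
SCRIPTS = {".bat"}
DISK_IMAGES = {".iso", ".vhd"}
DOCUMENTS = {".doc", ".docx", ".docm"}

def read_motw(path):
    """Return the Zone.Identifier stream text of an NTFS file, or None."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:  # no stream, non-NTFS volume, or non-Windows host
        return None

def parse_zone_id(stream_text):
    """Return the ZoneId as int, or None if the mark is absent or malformed."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None)  # URLs may hold '%'
    try:
        parser.read_string(stream_text)
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def triage(name, stream_text):
    """Return (severity, reason) for one file name and its MOTW stream text."""
    ext = PurePath(name).suffix.lower()
    zone = parse_zone_id(stream_text)
    marked = zone is not None and zone >= 3  # 3 = Internet, 4 = Restricted
    if ext in DISK_IMAGES:
        # Files taken out of a mounted image may carry no mark of their own.
        return ("high" if marked else "medium", "disk image")
    if ext in SCRIPTS:
        return ("high", "downloaded script") if marked else ("medium", "script of unknown origin")
    if ext in DOCUMENTS and marked:
        return ("low", "downloaded document")
    return ("none", "no finding")

# Constructed sample inventory (file name, Zone.Identifier text or None).
MARKED = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/a%20b.iso\n"
SAMPLES = [("offer.iso", MARKED), ("run.BAT", None), ("notes.txt", MARKED)]

if __name__ == "__main__":
    for name, text in SAMPLES:
        print(name, triage(name, text))
```

On a Windows host, pass each file's path to `read_motw` and feed the result to `triage`; elsewhere `read_motw` returns `None` and only the file type is considered.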
The impact of these hacks should not be underestimated: they resulted in the theft of significant funds and also put the personal and financial information of individuals and businesses at risk. They serve as a reminder of the need for individuals and organizations to be vigilant in protecting themselves online and to be cautious of any suspicious activity or requests for sensitive information.