BlueNoroff Threat Group Targeting Crypto SMBs

The APT (advanced persistent threat) group, BlueNoroff, which is part of the North Korea-associated Lazarus Group, has been identified as the perpetrator of a multitude of attacks targeting SMBs, with victims suffering major losses in cryptocurrency.

According to a Kaspersky research group, BlueNoroff’s campaign, known as SnatchCrypto, fixes its crosshairs on companies dealing with cryptocurrencies, smart contracts, blockchain, decentralized finance, and the financial technology industry.

The research group stated that the companies were specifically targeted, and that startups are generally no strangers to receiving unsolicited, malicious messages and documents. Further insight was offered in a recent blog post published by the researchers:

“As most cryptocurrency businesses are small or medium-sized startups, they cannot invest lots of money into their internal security system. The actor understands this and takes advantage by using elaborate social engineering schemes.”

The SnatchCrypto campaign involves hackers trying to manipulate the target company under the pretence of being a legitimate, existing venture capital firm; although the researchers observed close to twenty venture firm names used in the attacks, they believe the actual firms had no involvement.

The researchers reported that the hackers behind the attacks send startup personnel a “full-featured Windows backdoor with surveillance functions, disguised as a contract or another business file.” 

Once the file is opened on an internet-connected device, it fetches a macro-enabled document that deploys the malware; the malicious programme then sends general information about the target to the hackers and runs a PowerShell agent, creating a backdoor.

Next, BlueNoroff will deploy additional tools, including a keylogger and screenshot-taker, to snoop on the victim’s activities. Finally, following weeks or even months’ worth of monitoring, the hackers will close in on a single target and put to use the sensitive data they’ve scraped in order to steal their cryptocurrency.
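The chain described above, a business document that fetches a macro and launches a PowerShell agent, shows up in endpoint telemetry as an Office process spawning a script host with an unattended-looking command line. The following Python is an added example, not code from the article or from Kaspersky's research: it scans constructed, Sysmon-style process-creation records (a pipe-delimited timestamp, parent image, image and command line, a format assumed for this example) for that parent-child chain and for command-line traits of a hidden or encoded agent, and scores each event so an analyst can see why it was flagged.

```python
"""Flag Office -> script-host process chains in constructed process-creation logs.

Added example, not from the article or from Kaspersky. The log format (one
record per line: timestamp|ParentImage|Image|CommandLine) and every sample
record below are constructed for this example.
"""
import re
from dataclasses import dataclass

# Office binaries that a macro-enabled document runs inside.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts a macro typically pivots to.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Command-line traits of a PowerShell agent meant to run unattended.
SUSPICIOUS_ARGS = [
    (re.compile(r"-(enc|encodedcommand)\b", re.I), "encoded command"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-nop\b|-noprofile", re.I), "no profile"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
     "download cradle"),
    (re.compile(r"\biex\b|invoke-expression", re.I), "in-memory execution"),
]


@dataclass(frozen=True)
class ProcessEvent:
    ts: str
    parent_image: str
    image: str
    command_line: str


def parse_log(text):
    """Parse the constructed pipe-delimited format into ProcessEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, parent, image, cmdline = line.split("|", 3)
        events.append(ProcessEvent(ts, parent, image, cmdline))
    return events


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (severity, reasons): 0 = nothing of note, 1 = one signal,
    2 = Office parent AND suspicious agent arguments (the chain in the article)."""
    parent, child = _basename(ev.parent_image), _basename(ev.image)
    chain = parent in OFFICE_PARENTS and child in SCRIPT_HOSTS
    flags = []
    if child in {"powershell.exe", "pwsh.exe"}:
        flags = [label for pattern, label in SUSPICIOUS_ARGS
                 if pattern.search(ev.command_line)]
    reasons = ([f"{parent} spawned {child}"] if chain else []) + flags
    return int(chain) + int(bool(flags)), reasons


def detect(events):
    """Return (timestamp, severity, reasons) for every event scoring above 0."""
    alerts = []
    for ev in events:
        severity, reasons = score_event(ev)
        if severity:
            alerts.append((ev.ts, severity, reasons))
    return alerts


# Constructed sample records: a document being opened, the document spawning a
# hidden encoded PowerShell agent, a scheduled admin script (benign), and Excel
# spawning cmd.exe without further signals.
SAMPLE_LOG = r"""
2022-03-05T10:11:58Z|C:\Windows\explorer.exe|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|"WINWORD.EXE" /n "C:\Users\alice\Downloads\Investment_Contract.docm"
2022-03-05T10:12:03Z|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <BASE64_PLACEHOLDER>
2022-03-05T10:30:00Z|C:\Windows\System32\svchost.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -ExecutionPolicy Bypass -File C:\scripts\nightly_backup.ps1
2022-03-05T11:02:41Z|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|C:\Windows\System32\cmd.exe|cmd.exe /c ver
"""

if __name__ == "__main__":
    for ts, severity, reasons in detect(parse_log(SAMPLE_LOG)):
        print(f"{ts} severity={severity} {'; '.join(reasons)}")
```

The severity split matters in practice: an Office process spawning cmd.exe on its own is noisy on many estates (add-ins, legitimate macros), while the combination of an Office parent with a hidden, encoded, profile-less PowerShell child is rare enough to page on. Real deployments would read Sysmon Event ID 1 or EDR process-creation telemetry rather than this constructed format.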
