North Korean hackers are pretending to be crypto VCs in new phishing scheme: Kaspersky

Dezember 27, 2022 0
840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTIvYjEwMDcwZmItNzc0MC00ZGNjLTk4ZTQtMzY5NGFhOTljMDM2LmpwZw3D3D

State-sponsored Lazarus Group and associated hackers have had a busy year, and 2023 may see even more activity, the cybersecurity lab warned.

BlueNoroff, part of the North Korean state-sponsored Lazarus Group, has renewed its targeting of venture capital firms, crypto startups and banks. Cybersecurity lab Kaspersky reported that the group has shown a spike in activity after a lull for most of the year and it is testing new delivery methods for its malware.

BlueNoroff has created more than 70 fake domains that mimic venture capital firms and banks. Most of the fakes presented themselves as well-known Japanese companies, but some also assumed the identity of United States and Vietnamese companies.

The group has been experimenting with new file types and other malware delivery methods, according to the report. Once in place, its malware evades Windows Mark-of-the-Web security warnings about downloading content and then goes on to “intercept large cryptocurrency transfers, changing the recipient’s address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction.”

Related: North Korea’s Lazarus behind years of crypto hacks in Japan — Police

According to Kaspersky, the problem with threat actors is worsening. Researcher Seongsu Park said in a statement:

“The coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has been never seen before. […] On the threshold of new malicious campaigns, businesses must be more secure than ever.”

The BlueNoroff subgroup of Lazarus was first identified after it attacked the Bangladeshi central bank in 2016. It was among a group of North Korean cyber threats the U.S. Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation mentioned in an alert issued in April.

North Korean threat actors associated with the Lazarus Group have been spotted attempting to steal nonfungible tokens in recent weeks as well. The group was responsible for the $600-million Ronin Bridge exploit in March.

More Stories

Bitcoin analysts see a ‘massive’ move as BTC price regains $112K

September 5, 2025 0

Justin Sun urges Trump-linked WLFI to unlock ‘unreasonably’ frozen tokens

September 5, 2025 0

7 largest Ether treasury companies right now ranked by holdings

September 5, 2025 0

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

You may have missed

7 largest Ether treasury companies right now ranked by holdings

September 5, 2025 0

Justin Sun urges Trump-linked WLFI to unlock ‘unreasonably’ frozen tokens

September 5, 2025 0

Bitcoin analysts see a ‘massive’ move as BTC price regains $112K

September 5, 2025 0

Gemini launches derivatives and ETH, SOL staking in Europe

September 5, 2025 0
img_20250905_115311-768x432-1

Abu Dhabi Grants GFO‑X Approval to Launch Digital Asset Exchange and Clearing House

September 5, 2025 0
Bitte geben Sie den Coingecko Free Api Key ein, damit dieses Plugin funktioniert

Subscribe To The Latest Crypto News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.