A North Korea-based hacker group tracked as “BlueNoroff” has been identified targeting small and medium-sized cryptocurrency companies with fake MetaMask browser extensions and malicious documents.
BlueNoroff, which works for the North Korean government, stole almost $400 million worth of cryptocurrency from seven companies during 2021.
Using cryptocurrency mixers and Asian crypto exchanges, BlueNoroff’s operators laundered and cashed out most of these funds.
Why most rather than all? The state-sponsored hackers of BlueNoroff failed to cash out everything they stole, but they managed to convert the majority of the stolen funds.
Further analysis found that the hackers had not cashed out more than $170 million worth of cryptocurrency stolen from 49 cryptocurrency exchanges between the following years:-
In these incidents 58% of the stolen funds were Ether and 20% were Bitcoin. While Chainalysis linked these attacks to the Lazarus group, that name is often used to describe the activity of several North Korean state-sponsored groups.
In this case, however, BlueNoroff is tracked as a division of the Lazarus group, the one most often associated with attacks on banks and cryptocurrency businesses.
After several years of investigation, researchers at Kaspersky Lab have connected BlueNoroff with numerous hacks of small and medium-sized cryptocurrency companies in the following countries:-
The image below shows the names and logos of the companies targeted by BlueNoroff:-
In a campaign named SnatchCrypto, the hackers sent malicious documents by email or LinkedIn message to people working for crypto companies.
Once the victim opened and interacted with these files, a backdoor was installed automatically on the victim’s system, giving the hackers access to the victim’s network.
Other campaigns used LNK files instead, with the same end result: BlueNoroff gained access to the victim’s device.
In this type of operation the hackers closely monitor their targets for weeks or months, tracking and collecting the following data and activities in preparation for financial theft:-
Moreover, the hackers replace the legitimate MetaMask Chrome extension with a malicious version, which records the target’s activity when they initiate a transaction, allowing the attackers to capture that data and drain all available funds.
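As an added defensive example (not code from the article or from Kaspersky), the check below fingerprints an unpacked browser-extension directory and flags a copy whose manifest permissions or file contents diverge from a trusted baseline, the kind of tampering the extension-replacement step above relies on. The extension name, directory layout and file contents are constructed placeholders.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def extension_fingerprint(ext_dir):
    """Summarise manifest.json and hash every file (path + content) in an unpacked extension."""
    ext_dir = Path(ext_dir)
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    digest = hashlib.sha256()
    for path in sorted(p for p in ext_dir.rglob("*") if p.is_file()):
        digest.update(path.relative_to(ext_dir).as_posix().encode() + b"\0")
        digest.update(path.read_bytes() + b"\0")
    summary = {"name": manifest.get("name"), "version": manifest.get("version"),
               "permissions": sorted(manifest.get("permissions", []))}
    return summary, digest.hexdigest()

def check_extension(ext_dir, baseline):
    """Return a list of findings describing how ext_dir deviates from the trusted baseline."""
    summary, digest = extension_fingerprint(ext_dir)
    findings = []
    if summary["name"] != baseline["summary"]["name"]:
        findings.append(f"name changed: {baseline['summary']['name']!r} -> {summary['name']!r}")
    extra = set(summary["permissions"]) - set(baseline["summary"]["permissions"])
    if extra:
        findings.append(f"new permissions requested: {sorted(extra)}")
    if digest != baseline["digest"]:
        findings.append("file contents differ from baseline (digest mismatch)")
    return findings

def _write_extension(root, manifest, script):
    """Helper: write a minimal constructed extension (manifest + one script) to root."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    (root / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (root / "background.js").write_text(script, encoding="utf-8")
    return root

def demo():
    """Constructed sample: a clean copy and a tampered copy that adds a permission and edits the script."""
    with tempfile.TemporaryDirectory() as tmp:
        clean_manifest = {"name": "Example Wallet", "version": "1.0.0", "permissions": ["storage"]}
        clean = _write_extension(Path(tmp) / "clean", clean_manifest, "console.log('wallet');\n")
        summary, digest = extension_fingerprint(clean)
        baseline = {"summary": summary, "digest": digest}   # record this from a known-good install
        tampered_manifest = dict(clean_manifest, permissions=["storage", "webRequest"])
        tampered = _write_extension(Path(tmp) / "tampered", tampered_manifest,
                                    "console.log('wallet'); /* modified */\n")
        return check_extension(clean, baseline), check_extension(tampered, baseline)
```

In practice the baseline would be recorded from a freshly installed extension and the check run against the browser profile's extension directory on a schedule.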