North Korean Hacking Group Steals Millions


The North Korean group BlueNoroff has found a new way to hack into your crypto wallets: it now impersonates banks and Japanese VC firms.

On December 27, Kaspersky Lab announced that the North Korean hacking group ‘BlueNoroff’ stole millions of dollars in cryptocurrencies after creating more than 70 fake domains and impersonating banks and venture capital firms.

According to the investigation, most of the domains mimicked Japanese venture capital firms, denoting a strong interest in user and company data within that country.

“After researching the infrastructure that was used, we discovered more than 70 domains used by this group, meaning they were very active until recently. Also, they created numerous fake domains that look like venture capital and bank domains.”

Until a few months ago, the BlueNoroff group used Word documents to inject malware. However, they recently improved their techniques, creating a new Windows Batch file that allows them to extend the scope and execution mode of their malware.

These new .bat files circumvent the Windows Mark-of-the-Web (MOTW) security measure, a hidden mark attached to files downloaded from the Internet to protect users against files from untrusted sources.

After a thorough investigation in late September, Kaspersky confirmed that in addition to using new scripts, the BlueNoroff group began using .iso and .vhd disk image files to distribute viruses.
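To make the MOTW mechanism concrete, the following PowerShell audit is an added example, not code from Kaspersky or from the original article. It relies on the fact that Windows stores MOTW in an NTFS alternate data stream named Zone.Identifier, and it reports which files of the types named in this article still carry the mark; the default folder and the function name `Get-MotwZone` are assumptions chosen for illustration.

```powershell
# Added example: list files of the types named in the article and show
# whether each one still carries Mark-of-the-Web.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumption: folder to audit
)

# File types the article names as delivery formats.
$watched = '.doc', '.bat', '.iso', '.vhd'

function Get-MotwZone {
    # Hypothetical helper: returns the ZoneId from the Zone.Identifier
    # stream, or $null when the file has no MOTW at all.
    param([string]$File)
    $stream = Get-Content -LiteralPath $File -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    $line = $stream | Where-Object { $_ -match '^ZoneId=\d+' } | Select-Object -First 1
    if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null
}

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $watched -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $zone = Get-MotwZone -File $_.FullName
        # ZoneId 3 = Internet, 4 = Restricted sites; lower values are local or trusted zones.
        $status = if ($null -eq $zone) { 'no MOTW' } elseif ($zone -ge 3) { 'marked untrusted' } else { 'marked local/trusted' }
        [pscustomobject]@{
            File   = $_.FullName
            ZoneId = $zone
            Status = $status
        }
    } |
    Sort-Object Status, File |
    Format-Table -AutoSize
```

A watched file that shows `no MOTW` in a download location is worth a closer look, because Windows and Office apply their untrusted-file protections only when the mark is present.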

Kaspersky also found that a user in the United Arab Emirates fell victim to the BlueNoroff group after downloading a Word document called “Shamjit Client Details Form.doc,” which allowed the hackers to connect to his computer and extract information as they attempted to execute even more potent malware.

Once the hackers were logged into the computer, “they attempted to fingerprint the victim and install additional malware with high privileges.” However, the victim executed several commands to gather basic system information, preventing the malware from spreading further.
