Kaspersky, a cybersecurity firm, has issued an advisory urging users to stay on guard amid rising attacks by Lazarus Group, a North Korea-based group that has persistently targeted users worldwide to steal funds.
In the latest development, the group is reported to have formed BlueNoroff to further expand its criminal activities. The hackers are targeting crypto startups working on DeFi, smart contracts, FinTech, and blockchain. BlueNoroff poses as venture capitalists offering support to these startups.
The lure works because the group uses fake domains that imitate banks and venture capital firms.
Kaspersky has reported that BlueNoroff creates numerous fake domains to impersonate venture capital companies and banks. The cybersecurity firm has also detected a large number of attacks by Lazarus Group since the beginning of 2022: the group has targeted crypto startups around the world, with a hiatus that lasted until the fall.
The attack relies on malware that circumvents Mark-of-the-Web, so users never get the chance to review a warning after downloading a file from the internet. Mark-of-the-Web, also known as MOTW, is a pop-up window that warns users every time they try to open a file downloaded from the internet.
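As an added example that is not part of Kaspersky's advisory, the defender-side check below reads and parses the Zone.Identifier stream in which Windows stores the MOTW, so an analyst can spot downloaded files that carry no mark at all. The sample stream text, file names and URLs are constructed for this example.

```python
# Added example (not from the advisory): inspect the Mark-of-the-Web (MOTW) that
# Windows stores in a file's Zone.Identifier alternate data stream.
ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}

# Constructed sample of what the stream holds for a browser download.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://example.test/
HostUrl=https://example.test/downloads/term-sheet.docx
"""

def parse_zone_identifier(text):
    """Parse INI-style Zone.Identifier text; None if no valid [ZoneTransfer] ZoneId."""
    section, fields = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "zonetransfer" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    if not fields.get("ZoneId", "").isdigit():
        return None
    zone = int(fields["ZoneId"])
    return {"zone_id": zone, "zone_name": ZONE_NAMES.get(zone, "Unknown"),
            "referrer": fields.get("ReferrerUrl"), "host": fields.get("HostUrl")}

def is_internet_origin(mark):
    """True when the mark places the file in the Internet or Restricted zone."""
    return mark is not None and mark["zone_id"] >= 3

def read_mark_of_the_web(path):
    """Read a file's Zone.Identifier stream (NTFS only). None means no MOTW,
    which is what a file that evaded the mark looks like to the OS."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None

def classify(mark):
    """Triage label: UNMARKED files deserve a second look if they arrived by download."""
    if mark is None:
        return "UNMARKED"
    return "internet" if is_internet_origin(mark) else "marked"
```

Run `classify(read_mark_of_the_web(path))` over a download folder on Windows; on non-NTFS systems the stream is never present and every file reads as UNMARKED.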
A similar attack was previously conducted by Lazarus Group in September, targeting job seekers on Coinbase and Crypto.com. The group used a phishing attack to get users to download a PDF; once downloaded, the PDF installed a Trojan horse that stole several pieces of personal and financial information.
Hacking has been on the rise, making it the most profitable business for North Korea. The country has stolen over $1.2 billion in cryptocurrency since 2017.
Throughout 2022, numerous prominent platforms fell victim to cyberattacks. An exploit in Binance Smart Chain was leveraged to steal over $100 million in cryptocurrencies. Even when FTX filed for bankruptcy, bad actors continued to execute their jobs.
A bad actor started siphoning funds from the FTX wallet immediately after the platform publicly announced its bankruptcy. This led to the theft of approximately $640 million in tokens.
Kaspersky is yet to provide more details about the attack, which should be published in the days to come. Until then, crypto startups can only proceed with due care; the best course is to report any suspicious activity on the internet, regardless of its degree.
Seven high-profile companies, including FTX, have become victims of cyber attacks. Like any other group of hackers, Lazarus Group is constantly experimenting with new ways to attack users and steal their funds, or the information that leads to their funds.