In autumn, Kaspersky Lab experts discovered targeted attacks by the BlueNoroff cybergroup on venture capital funds, startups and banks working with cryptocurrencies around the world. Representatives of the company reported this to ForkLog.
The hackers created 70 fake domains masquerading as well-known venture funds and banks in Japan, the US, Vietnam and the UAE. The attackers are also experimenting with new file types (Visual Basic Script, Windows Batch and Windows executable files) to deliver malware.
As a rule, systems are infected by sending documents that supposedly contain a contract from a client. The malware lets the hackers control the system and prepare the theft of cryptocurrency.
When the victim makes a transaction, the funds are redirected to the hacker's wallet. Because BlueNoroff is able to raise transfer limits, the stolen amount may be higher.
The hackers have learned to bypass Mark-of-the-Web, the Windows feature that warns users about opening downloaded files and launches them in protected mode. To do this, they place the malware inside image and ISO files.
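As an added defensive example, not part of the ForkLog report or of Kaspersky's research, the PowerShell script below audits a download folder for the Zone.Identifier alternate data stream that implements Mark-of-the-Web and flags the file types named above: disk-image containers (whose contents, once mounted, carry no mark) and the script and executable types the attackers are experimenting with. The folder path, the extension lists and the flag names are assumptions.

```powershell
# Added example: audit a folder for Mark-of-the-Web (Zone.Identifier ADS).
# Not code from the article or from Kaspersky; paths and lists are assumed.
param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads')
)

# Container formats: files opened from a mounted image do not inherit the mark.
$containerExt = @('.iso', '.img', '.vhd', '.vhdx')
# Script/executable types named in the article, plus .cmd (assumed).
$payloadExt   = @('.vbs', '.bat', '.cmd', '.exe')

function Get-ZoneId {
    param([string]$Path)
    # Browsers and mail clients write a [ZoneTransfer] section with
    # ZoneId=3 (Internet) or ZoneId=4 (Restricted) into this stream.
    $stream = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    foreach ($line in $stream) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Test-MotwRisk {
    param([System.IO.FileInfo]$File)
    $ext   = $File.Extension.ToLowerInvariant()
    $zone  = Get-ZoneId -Path $File.FullName
    $flags = @()
    if ($null -eq $zone)    { $flags += 'no-MotW' }           # nothing will prompt on open
    elseif ($zone -ge 3)    { $flags += "MotW-zone$zone" }
    if ($containerExt -contains $ext) { $flags += 'container' }
    if ($payloadExt -contains $ext)   { $flags += 'script-or-exe' }
    [pscustomobject]@{
        Path  = $File.FullName
        Zone  = $zone
        Flags = ($flags -join ',')
        # Highest concern: a container or executable type with no mark at all.
        High  = ((($containerExt + $payloadExt) -contains $ext) -and ($null -eq $zone))
    }
}

Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-MotwRisk -File $_ } |
    Where-Object { $_.Flags } |
    Sort-Object -Property High -Descending |
    Format-Table -AutoSize
```

Run it as a saved .ps1 (optionally with `-Folder <path>`) on a Windows host with NTFS volumes; the stream does not exist on FAT or network shares that drop alternate data streams, so a missing mark on such volumes is not by itself evidence of tampering.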
Kaspersky Lab warns that in 2023 BlueNoroff could launch a large-scale cyber epidemic exceeding WannaCry.