The BlueNoroff cyber group has stepped up attacks on organizations that work with cryptocurrencies: venture funds, crypto startups and banks. This was reported by the press service of the Kaspersky research center.
Last fall, the company’s experts discovered 70 fake domains that imitate the web resources of well-known venture funds and banks: Japanese, American, Vietnamese and from the UAE. In this way the hackers built traps for startups.
The attackers have also begun delivering malware in new file types that security systems are not yet familiar with.
For example, a sales employee receives an e-mail with a .doc attachment disguised as a contract from a customer. Once the file is opened and the malware is installed, the hackers will be able to monitor daily transactions and steal funds when an employee tries to transfer a large amount of cryptocurrency.
The hackers’ new experimental methods include the use of Visual Basic Script, Windows Batch files and Windows executables. The attackers have also learned to bypass Mark-of-the-Web (MOTW), a Windows protection feature that causes files carrying the mark to be opened in a special protected mode.
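A defender's triage check for the file types named above, as an added example that is not from Kaspersky's report or the original article: it parses the Zone.Identifier stream text in which Windows stores MOTW and flags watched files that carry no untrusted-zone mark. The function names, the watched-extension list and the sample inventory are assumptions constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# File types the article names as delivery formats (assumed watch list).
WATCHED = {".doc", ".vbs", ".bat", ".exe"}
# Zone IDs that mark an untrusted origin: 3 = Internet, 4 = Restricted sites.
UNTRUSTED_ZONES = {3, 4}


def parse_zone_identifier(stream_text):
    """Return ZoneId from Zone.Identifier stream text, or None if absent or invalid."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        # Strip a possible BOM and normalise CRLF line endings before parsing.
        parser.read_string("\n".join(stream_text.lstrip("\ufeff").splitlines()))
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def triage(inventory):
    """Classify watched files as 'marked' (MOTW present) or 'unmarked' (needs review)."""
    results = []
    for path, stream_text in inventory:
        if PureWindowsPath(path).suffix.lower() not in WATCHED:
            continue
        zone = parse_zone_identifier(stream_text)
        results.append((path, "marked" if zone in UNTRUSTED_ZONES else "unmarked"))
    return results


# Constructed inventory: (path, Zone.Identifier text, or None when the stream is missing).
# On NTFS the text can be read by opening "<path>:Zone.Identifier".
SAMPLE = [
    (r"C:\Users\sales\Downloads\contract.doc",
     "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://mail.example/att?id=1\r\n"),
    (r"C:\Users\sales\Downloads\update.vbs", None),
    (r"C:\Users\sales\Downloads\setup.bat", "[ZoneTransfer]\r\nZoneId=0\r\n"),
    (r"C:\Users\sales\Downloads\notes.txt", None),
    (r"C:\Users\sales\Downloads\tool.EXE", "garbage"),
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict:9} {path}")
```

A script or executable in a download or attachment folder that comes back "unmarked" will open without the MOTW protections, so it is the one to look at first.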
The Kaspersky center predicts a possible “major cyber epidemic” in 2023 due to the constant experiments of hackers and their use of advanced tools.