BlueNoroff, a North Korean hacking group, is currently mainly targeting crypto startups, according to a report from cybersecurity firm Kaspersky.
BlueNoroff Targets Crypto Startups Only
According to a new report from Kaspersky, North Korean hacking group BlueNoroff has almost exclusively targeted crypto startups.
BlueNoroff is a hacking group with ties to Lazarus, the major crypto crime group that has long been linked to North Korea.
The group initially targeted banks and the SWIFT payment network, beginning with an attack on the Central Bank of Bangladesh in 2016.
But now, BlueNoroff has been “shifting its focus… to crypto businesses” instead of traditional banks, Kaspersky said.
According to the report, the group had previously begun each attack by taking time to “follow and research successful crypto startups” through lengthy phishing campaigns involving emails and internal chats.
BlueNoroff has impersonated a number of crypto businesses, including Emurgo, the commercial arm of Cardano, and the New York-based venture capital firm Digital Currency Group.
The group has also impersonated Beenos, Coinsquad, Decrypt Capital, and Coinbig.
Kaspersky noted that those companies were not compromised in the attacks.
Hackers are getting more sophisticated
After gaining the trust of the target startup and its members, the hackers will ask the company to install a modified software update with backdoor access, allowing for deeper penetration.
The team will then use the backdoor to collect the user's login information and monitor the user's keystrokes.
Kaspersky says that this monitoring of user activity is lengthy, lasting “a few weeks or months.”
BlueNoroff typically exploits CVE-2017-0199 in Microsoft Office, allowing Visual Basic scripts to be executed in Word documents.
The hacker group will also replace browser wallet add-ons, such as MetaMask, with compromised versions.
These tactics allow the hackers to steal company funds as well as “establishing an extensive surveillance infrastructure” that notifies the group of large transactions.
How much was stolen?
Kaspersky did not say how much money was stolen through these attacks. However, Kaspersky's Costin Raiu previously identified bZx as a target in BlueNoroff's SnatchCrypto campaign.
That exchange saw $55 million stolen in November 11.
The U.S. Department of the Treasury has also stated that BlueNoroff, along with Lazarus and other subgroups, stole $571 million in cryptocurrency from exchanges between January 1 and September 2017.
BlueNoroff stole more than $1.1 billion from financial institutions in 2018, the Treasury Department said in the same report.