BlueNoroff

Advanced Persistent Threat (APT) actor BlueNoroff, a member of the Lazarus cybercrime group, has expanded its malware arsenal with new sophisticated strains, according to a report from Kaspersky.

  • BlueNoroff, which is known for targeting financial entities including cryptocurrency firms, banks and venture capital firms, is using previously unused file types such as Visual Basic Script, Windows Batch files and Windows executable files to infect victims, as well as developing new strategies for bypassing Windows security measures.
  • The group has also created 70 fake domains mimicking well-known venture capital firms and banks in order to lure employees at start-ups, with a particular focus on Japan, as well as targeting organizations in the U.A.E., U.S. and Vietnam.
  • Kaspersky said the findings demonstrate that “cybercriminals are not standing still and are constantly testing and analysing new and more sophisticated tools of attack”.
  • The company added that APT attacks in 2023 are expected to resemble the WannaCry attack in terms of their technological superiority and impact.

Threat overview

  • BlueNoroff is a highly skilled APT actor that has been active since at least 2010. It is known for targeting a wide range of sectors, including financial services, critical infrastructure, manufacturing, media and government organizations.
  • The group has been linked to a number of high-profile attacks, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack, which affected more than 300,000 computers in 150 countries and caused billions of dollars in damage.
  • BlueNoroff is believed to be based in North Korea and operates as part of the Lazarus Group, a state-sponsored hacking organization that has been blamed for a number of major cyber attacks.

New malware strains

  • According to the Kaspersky report, BlueNoroff is experimenting with new file types and delivery methods in order to infect victims.
  • The group is using Visual Basic Script, Windows Batch files and Windows executable files, all of which are less commonly used by cybercriminals and therefore less likely to be detected by security systems.
  • In addition, BlueNoroff has increased the efficiency of its attacks by developing new strategies for bypassing Windows security measures. The group has also created 70 fake domains mimicking well-known venture capital firms and banks, in an effort to lure employees at start-ups.
  • The fake domains, which are primarily focused on Japan, suggest that BlueNoroff has a particular interest in financial entities in the country. The group has also been known to target organizations in the U.A.E., U.S. and Vietnam.
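Both indicators in this section, script-type attachments (VBS, batch, executable) and sender domains that imitate venture capital firms or banks, can be screened at a mail gateway. The following is an added example, not code from the article or from Kaspersky's report: a small triage script run over constructed log lines, with placeholder brand domains standing in for the firms the report does not name. The Public Suffix List is replaced by a three-entry stand-in, which is an assumption made to keep the example self-contained.

```python
import re
from difflib import SequenceMatcher

# Constructed brand domains to protect (placeholders; the report does not name the firms imitated).
PROTECTED_DOMAINS = ["example-capital.com", "example-bank.co.jp"]

# The file types named in the article (VBS, batch, executable) plus close relatives.
RISKY_EXTENSIONS = {".vbs", ".vbe", ".bat", ".cmd", ".exe", ".scr", ".js", ".ps1"}

# Minimal stand-in for the Public Suffix List, enough for the sample data (assumption).
MULTI_LABEL_SUFFIXES = {"co.jp", "co.uk", "com.au"}

# Common digit/letter substitutions folded away before names are compared.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Constructed mail-gateway log lines (not real traffic).
SAMPLE_LOG = [
    "2023-01-05T09:12:01Z from=partner@example-capital.com to=cfo@startup.example attach=term_sheet.pdf",
    "2023-01-05T09:14:44Z from=intro@examp1e-capital.com to=cfo@startup.example attach=term_sheet.pdf.vbs",
    "2023-01-05T09:20:10Z from=docs@example-bank.co.jp.docs-share.net to=ops@startup.example attach=invoice.bat",
    "2023-01-05T09:31:55Z from=news@unrelated-site.org to=ops@startup.example attach=newsletter.html",
    "2023-01-05T09:40:02Z from=hr@startup.example to=all@startup.example attach=setup.exe",
]

LINE_RE = re.compile(r"from=(?P<sender>\S+) to=\S+ attach=(?P<attach>\S+)")


def registrable_domain(fqdn):
    """Reduce a host name to the part a registrant controls, e.g. mail.example-bank.co.jp -> example-bank.co.jp."""
    labels = fqdn.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_label(domain):
    # "example-capital.com" -> "example-capital"
    return registrable_domain(domain).split(".")[0]


def normalize(label):
    for glyph, letter in HOMOGLYPHS.items():
        label = label.replace(glyph, letter)
    return label


def classify_domain(domain, protected=PROTECTED_DOMAINS, threshold=0.85):
    """Return ("legitimate" | "lookalike" | "unrelated", matched brand or None)."""
    obs_reg = registrable_domain(domain)
    obs_label = normalize(brand_label(domain))
    for legit in protected:
        legit_reg = registrable_domain(legit)
        legit_label = normalize(brand_label(legit))
        if obs_reg == legit_reg:
            return ("legitimate", legit)
        # Brand used as a subdomain or prefix of an attacker-controlled name,
        # e.g. example-bank.co.jp.docs-share.net or example-capital-login.com.
        if legit_reg in domain.lower() or (len(legit_label) >= 5 and legit_label in obs_label):
            return ("lookalike", legit)
        # Near-miss spellings after homoglyph folding.
        if SequenceMatcher(None, obs_label, legit_label).ratio() >= threshold:
            return ("lookalike", legit)
    return ("unrelated", None)


def attachment_extension(filename):
    # Judge by the final extension so "term_sheet.pdf.vbs" counts as .vbs, not .pdf.
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def triage_line(line):
    """Parse one log line and list the reasons it deserves a look (empty list if none)."""
    m = LINE_RE.search(line)
    if not m:
        return None
    sender_domain = m.group("sender").rsplit("@", 1)[-1]
    reasons = []
    verdict, brand = classify_domain(sender_domain)
    if verdict == "lookalike":
        reasons.append(f"sender domain {sender_domain} imitates {brand}")
    ext = attachment_extension(m.group("attach"))
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"script/executable attachment {ext}")
    return {"sender": sender_domain, "attachment": m.group("attach"), "reasons": reasons}


def triage(log_lines):
    """Return only the entries that have at least one reason."""
    flagged = []
    for line in log_lines:
        entry = triage_line(line)
        if entry and entry["reasons"]:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["sender"], entry["attachment"], "->", "; ".join(entry["reasons"]))
```

On the sample log the script flags three of the five messages: the digit-for-letter lookalike carrying a `.vbs` under a `.pdf` name, the brand name buried in a subdomain of an unrelated registrable domain carrying a `.bat`, and an internal sender whose only issue is the `.exe`; the legitimate term sheet and the newsletter pass. The two checks are kept independent on purpose, since a convincing domain with a benign-looking attachment and a legitimate domain with a script attachment both deserve review.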

APT predictions for 2023

Kaspersky warns that APT attacks in 2023 are expected to resemble the WannaCry attack in terms of their technological superiority and impact, with the potential to cause widespread disruption.

The company said: “Our findings in the BlueNoroff experiments prove that cybercriminals are not standing still and are constantly testing and analysing new and more sophisticated tools of attack”.

BlueNoroff is a highly skilled APT actor that has been active for more than a decade, targeting a wide range of sectors including financial services, critical infrastructure and government organizations. The group is now experimenting with new file types and delivery methods, and has increased the efficiency of its attacks by developing new strategies for bypassing Windows security measures.

APT attacks are expected to increase in sophistication and impact in 2023, with the potential to cause widespread disruption, according to Kaspersky. The company’s findings in the BlueNoroff experiments demonstrate that cybercriminals are “constantly testing and analysing new and more sophisticated tools of attack”.
