BlueNoroff, an infamous Advanced Persistent Threat (APT) actor and part of the Lazarus cybercrime group, has added sophisticated new malware strains to its arsenal, according to a report from Kaspersky.
Known for targeting financial entities such as cryptocurrency companies, venture capital firms, and banks, BlueNoroff is experimenting with new file types.
The group is actively testing new malware delivery methods, using file types it had not used before, such as a new Visual Basic Script, previously unseen Windows Batch files, and Windows executable files, to infect victims.
It has also become more efficient at circumventing Windows security measures by devising new strategies, the report said.
The APT actor has reportedly created 70 fake domains impersonating venture capital firms and banks to trap employees of start-ups.
The fake domains, which mimic world-renowned venture capital firms and banks, indicate that the group has an extensive interest in financial entities, especially in Japan. The indication is based on the group’s propensity to mimic financial entities in these countries. The threat actor also targets organisations in the U.A.E., U.S., and Vietnam.
According to APT predictions for 2023, the year will be marked by cyber epidemics with proportions resembling the infamous WannaCry in their technological superiority and effect. “Our findings in the BlueNoroff experiments prove that cybercriminals are not standing still and are constantly testing and analysing new and more sophisticated tools of attack,” said Kaspersky.