The Cyber Security News

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection

December 27, 2022

BlueNoroff, a subcluster of the infamous Lazarus Group, has been observed adopting new tactics into its playbook that allow it to bypass Windows Mark of the Web (MotW) protections.

This involves the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today. Both formats are mounted by Windows as separate volumes rather than extracted, so the files inside never acquire a Zone.Identifier alternate data stream of their own; only the downloaded container carries the mark, and the PowerPoint or script that the victim actually opens from the mounted volume is treated as a local file.
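To make the mechanism concrete, here is an added example (not code from Kaspersky or the original article) that parses the INI-style body of the Zone.Identifier stream, decides whether Windows would treat the file as coming from the Internet zone, and audits a constructed inventory in which the downloaded ISO is marked while the files on its mounted volume are not. The inventory paths and stream contents are invented for illustration; on a real NTFS volume the stream can be read by opening `file:Zone.Identifier`, which the `read_motw` helper does on Windows only.

```python
"""Mark of the Web is the NTFS alternate data stream ':Zone.Identifier' that
browsers and mail clients attach to downloaded files.  Office Protected View
and SmartScreen-style checks key off its ZoneId.  Added example; the inventory
below is constructed, not real telemetry."""
from __future__ import annotations

import sys
from dataclasses import dataclass

# URL security zones as Windows numbers them.
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


@dataclass
class ZoneIdentifier:
    zone_id: int
    referrer_url: str | None = None
    host_url: str | None = None


def parse_zone_identifier(text: str) -> ZoneIdentifier | None:
    """Parse a Zone.Identifier stream body.  Returns None when there is no
    [ZoneTransfer] section or no usable ZoneId, i.e. the file is unmarked."""
    section = None
    values: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "zonetransfer" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    if "zoneid" not in values:
        return None
    try:
        zone_id = int(values["zoneid"])
    except ValueError:
        return None
    return ZoneIdentifier(zone_id, values.get("referrerurl"), values.get("hosturl"))


def triggers_protections(zone: ZoneIdentifier | None) -> bool:
    """Internet (3) and Restricted sites (4) are the zones that make Office open
    the file in Protected View and make SmartScreen inspect executables."""
    return zone is not None and zone.zone_id >= 3


def read_motw(path: str) -> ZoneIdentifier | None:
    """Read the stream from disk.  Only NTFS on Windows exposes the
    'file:Zone.Identifier' syntax; elsewhere this reports 'unmarked'."""
    if not sys.platform.startswith("win"):
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


def audit(inventory: dict[str, str | None]) -> dict[str, bool]:
    """Map each path to whether MotW-based protections would fire for it.
    'inventory' maps path -> raw Zone.Identifier body, or None if absent."""
    return {path: triggers_protections(parse_zone_identifier(body) if body else None)
            for path, body in inventory.items()}


def demo_inventory() -> dict[str, str | None]:
    """Constructed: the ISO arrived by download and is marked; the files seen on
    the mounted volume (assumed drive E:) have no stream at all."""
    marked = ("[ZoneTransfer]\r\nZoneId=3\r\n"
              "ReferrerUrl=https://lure.example.invalid/\r\n"
              "HostUrl=https://lure.example.invalid/Job_Description.iso\r\n")
    return {
        r"C:\Users\kim\Downloads\Job_Description.iso": marked,
        r"E:\Job_Description.ppsx": None,
        r"E:\Job_Description.vbs": None,
    }


if __name__ == "__main__":
    for path, flagged in audit(demo_inventory()).items():
        print(f"{'PROTECTED' if flagged else 'unmarked '}  {path}")
```

The point the audit makes is the whole bypass: the security decision is taken per file, and the only file that was ever downloaded is the container. A defensive control that blocks or inspects .ISO and .VHD attachments at the mail gateway, or that refuses to auto-mount disk images, closes the gap before the per-file check is reached.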

“BlueNoroff created a number of fake domains impersonating venture capital companies and banks,” security researcher Seongsu Park said, adding that the new attack method was flagged in its telemetry in September 2022.


Some of the bogus domains have been observed to imitate ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are located in Japan, signalling a “keen interest” in the region.

Also tracked under the names APT38, Nickel Gladstone, and Stardust Chollima, BlueNoroff is part of the larger Lazarus threat group that also comprises Andariel (aka Nickel Hyatt or Silent Chollima) and Labyrinth Chollima (aka Nickel Academy).

The threat actor’s financial motivation, as opposed to espionage, has made it an unusual nation-state actor in the threat landscape, allowing for a “wider geographic spread” and enabling it to infiltrate organizations across North and South America, Europe, Africa, and Asia.

It has since been linked to high-profile cyber attacks aimed at the SWIFT banking network between 2015 and 2016, including the audacious Bangladesh Bank heist in February 2016 that led to the theft of $81 million.

Since at least 2018, BlueNoroff appears to have undergone a tactical shift, moving away from striking banks to exclusively focusing on cryptocurrency entities to generate illicit revenue.

To that end, Kaspersky earlier this year disclosed details of a campaign dubbed SnatchCrypto orchestrated by the adversarial collective to drain digital funds from victims’ cryptocurrency wallets.

Another notable activity attributed to the group is AppleJeus, in which fake cryptocurrency companies are set up to lure unwitting victims into installing benign-looking apps that eventually receive backdoored updates.

The latest activity identified by the Russian cybersecurity company introduces slight modifications to deliver its final payload, swapping Microsoft Word document attachments for ISO files in spear-phishing emails to trigger the infection.

These optical image files, in turn, contain a Microsoft PowerPoint slide show (.PPSX) and a Visual Basic Script (VBScript) that is executed when the target clicks a link in the PowerPoint file.

In an alternate method, a malware-laced Windows batch file is launched by abusing a living-off-the-land binary (LOLBin) to retrieve a second-stage downloader that is used to fetch and execute a remote payload.

Also discovered by Kaspersky is a .VHD sample that comes with a decoy job description PDF file that’s weaponized to spawn an intermediate downloader that masquerades as antivirus software to fetch the next-stage payload, but not before disabling legitimate EDR solutions by removing their user-mode hooks.

While the exact backdoor delivered is not clear, it’s assessed to be similar to a persistence backdoor used in the SnatchCrypto attacks.

The use of Japanese file names for one of the lure documents as well as the creation of fraudulent domains disguised as legitimate Japanese venture capital firms suggests that financial companies in the island nation are likely a target of BlueNoroff.
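The chain described in the preceding paragraphs (a downloaded .ISO or .VHD container, a PowerPoint slide show opened from the mounted volume, and a script host spawned from it) leaves a recognisable trail in endpoint telemetry. The following added example, which is not code from Kaspersky or the original article, runs three constructed rules over a handful of invented Sysmon-style FileCreate and ProcessCreate records: an Office application spawning a script host or shell, a script argument that lives on a drive other than the assumed system drive `C:`, and a disk-image container written to disk shortly before. The event layout, paths and timestamps are all assumptions made for the demonstration; the LOLBin used in the batch-file variant is not named in the report, so the rules key on the Office-to-script-host relationship rather than on any specific binary.

```python
"""Constructed detection logic for the ISO/VHD -> PowerPoint -> VBScript chain.
Added example; the Event records below are invented sample telemetry in the
shape of Sysmon EID 11 (FileCreate) and EID 1 (ProcessCreate), not real IOCs."""
from __future__ import annotations

import ntpath
from dataclasses import dataclass
from datetime import datetime, timedelta

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe", "mshta.exe"}
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".ps1", ".hta"}
SYSTEM_DRIVE = "C:"  # assumption for the constructed environment


@dataclass
class Event:
    ts: datetime
    kind: str                 # "FileCreate" or "ProcessCreate"
    image: str = ""
    parent_image: str = ""
    command_line: str = ""
    target_file: str = ""


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def is_container_drop(ev: Event) -> bool:
    """Rule 1: a disk-image container written to disk (typically by a browser or mail client)."""
    return ev.kind == "FileCreate" and ntpath.splitext(ev.target_file)[1].lower() in CONTAINER_EXTS


def office_spawns_script_host(ev: Event) -> bool:
    """Rule 2: PowerPoint, Word or Excel launching a script interpreter or shell."""
    return (ev.kind == "ProcessCreate"
            and basename(ev.parent_image) in OFFICE_APPS
            and basename(ev.image) in SCRIPT_HOSTS)


def script_on_foreign_volume(command_line: str, system_drive: str = SYSTEM_DRIVE) -> bool:
    """Rule 3: a script argument on a drive other than the system drive, which is
    where a mounted ISO/VHD appears.  Whitespace split is deliberately simple;
    quoted paths with spaces only lose tokens, they never produce a false hit."""
    for token in command_line.split():
        token = token.strip('"')
        drive, _ = ntpath.splitdrive(token)
        if (drive and drive.upper() != system_drive.upper()
                and ntpath.splitext(token)[1].lower() in SCRIPT_EXTS):
            return True
    return False


def correlate(events: list[Event], window: timedelta = timedelta(minutes=15)) -> list[dict]:
    """One alert per Office->script-host launch.  Severity is 'high' when a
    container was dropped within the window and the script runs from a
    non-system volume, otherwise 'medium'."""
    alerts: list[dict] = []
    drops = [e.ts for e in events if is_container_drop(e)]
    for ev in sorted(events, key=lambda e: e.ts):
        if not office_spawns_script_host(ev):
            continue
        recent_drop = any(0 <= (ev.ts - t).total_seconds() <= window.total_seconds() for t in drops)
        foreign = script_on_foreign_volume(ev.command_line)
        alerts.append({
            "ts": ev.ts.isoformat(),
            "parent": basename(ev.parent_image),
            "child": basename(ev.image),
            "recent_container_drop": recent_drop,
            "script_on_foreign_volume": foreign,
            "severity": "high" if (recent_drop and foreign) else "medium",
        })
    return alerts


def demo_events() -> list[Event]:
    """Constructed sample telemetry (drive E: is the assumed ISO mount point)."""
    t0 = datetime(2022, 9, 14, 10, 0, 0)
    office = r"C:\Program Files\Microsoft Office\root\Office16"
    return [
        Event(t0, "FileCreate", image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              target_file=r"C:\Users\kim\Downloads\Job_Description.iso"),
        Event(t0 + timedelta(seconds=90), "ProcessCreate", image=office + r"\POWERPNT.EXE",
              parent_image=r"C:\Windows\explorer.exe",
              command_line=r'"POWERPNT.EXE" /s "E:\Job_Description.ppsx"'),
        Event(t0 + timedelta(seconds=125), "ProcessCreate", image=r"C:\Windows\System32\wscript.exe",
              parent_image=office + r"\POWERPNT.EXE",
              command_line=r'"C:\Windows\System32\wscript.exe" "E:\Job_Description.vbs"'),
        Event(t0 + timedelta(minutes=30), "ProcessCreate", image=r"C:\Windows\System32\wscript.exe",
              parent_image=r"C:\Windows\explorer.exe",
              command_line=r"wscript.exe C:\scripts\logon.vbs"),
        Event(t0 + timedelta(hours=2), "ProcessCreate", image=r"C:\Windows\System32\cmd.exe",
              parent_image=office + r"\WINWORD.EXE",
              command_line=r"cmd.exe /c C:\Users\kim\AppData\Local\Temp\update.bat"),
    ]


def run_demo() -> list[dict]:
    return correlate(demo_events())


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Of the five constructed records, only two produce alerts: the PowerPoint-to-wscript launch two minutes after the ISO landed in Downloads is rated high, and the Word-to-cmd launch two hours later with a script on the system drive is rated medium. The explorer-launched logon script and PowerPoint itself are ignored, which is the false-positive budget these rules are built to keep: Office spawning an interpreter is rare in most environments, and combined with a disk image that was just downloaded it is rarer still.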

Cyber warfare has been a major focus of North Korea in response to economic sanctions imposed by a number of countries and the United Nations over concerns about its nuclear programs. It has also emerged as a major source of income for the cash-strapped nation.

Indeed, according to South Korea’s National Intelligence Service (NIS), state-sponsored North Korean hackers are estimated to have stolen $1.2 billion in cryptocurrency and other digital assets from targets around the world over the last five years.

“This group has a strong financial motivation and actually succeeds in making profits from their cyberattacks,” Park said. “This also suggests that attacks by this group are unlikely to decrease in the near future.”

Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.