
North Korean Hackers Stealing Crypto by Impersonating VCs and Banks

North Korean hackers are stealing cryptocurrency by pretending to be Japanese venture capitalists and banks.

[Image: Hackers in front of North Korea flag]

A report from Kaspersky Labs claims that the hacking group "BlueNoroff" has stolen millions of dollars by creating over 70 fake domain names and passing them off as legitimate businesses. Most of these domain names pretended to be well-known Japanese companies, though some claimed to be American and Vietnamese businesses.
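The lookalike-domain tactic described above is something a defender can screen for. The following is an added example, not code from the Kaspersky report or from any BlueNoroff sample: it compares candidate domains against a small trusted list and flags ones whose registrable label copies, embeds, or sits within a couple of typos of a trusted brand label. All domain names in it are constructed placeholders, and the hard-coded two-level suffix set stands in for the Public Suffix List a production tool would use.

```python
"""Flag candidate domains that impersonate a list of trusted brand domains.

Added example. Every domain below is a constructed placeholder, not one of the
domains named in the Kaspersky report.
"""
from __future__ import annotations

# Constructed allow-list of legitimate domains (placeholders).
TRUSTED_DOMAINS = [
    "example-vc.co.jp",
    "examplebank.co.jp",
    "example-capital.com",
]

# Assumption: a tiny stand-in for the Public Suffix List, enough to treat
# co.jp / com.vn style suffixes as one unit when extracting the brand label.
TWO_LEVEL_SUFFIXES = {("co", "jp"), ("ne", "jp"), ("com", "vn"), ("co", "uk")}


def registrable_label(domain: str) -> str:
    """Return the brand-bearing label: 'example-vc' for 'mail.example-vc.co.jp'."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) >= 3 and tuple(parts[-2:]) in TWO_LEVEL_SUFFIXES:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (standard two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(candidate: str, trusted: list[str] = TRUSTED_DOMAINS) -> tuple[str, str | None]:
    """Return ('trusted' | 'lookalike' | 'unrelated', matched trusted domain or None)."""
    cand = candidate.lower().rstrip(".")
    # Exact match or a subdomain of a trusted domain is legitimate.
    for t in trusted:
        if cand == t or cand.endswith("." + t):
            return "trusted", t
    cand_label = registrable_label(cand)
    for t in trusted:
        t_label = registrable_label(t)
        # Brand label reused under another suffix, or embedded in a longer label.
        if cand_label == t_label or t_label in cand_label:
            return "lookalike", t
        # Small typo distance (dropped, added or swapped character); only for
        # labels long enough that a distance of 2 is not coincidence.
        if len(t_label) >= 6 and edit_distance(cand_label, t_label) <= 2:
            return "lookalike", t
    return "unrelated", None


if __name__ == "__main__":
    # Constructed candidates: one legitimate subdomain, three impersonations, one unrelated.
    for d in ["mail.example-vc.co.jp", "example-vc.com", "examp1e-vc.co.jp",
              "example-vc-login.co.jp", "wikipedia.org"]:
        print(d, "->", classify(d))
```

Run it over newly registered domains or sender domains seen in mail logs; a "lookalike" verdict is a triage signal, not proof, and the suffix table and distance threshold should be tuned to the brands you actually protect.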

BlueNoroff Gang Explores New File Formats and Virus Distribution Techniques

According to the Kaspersky report, the BlueNoroff gang has been experimenting with new file formats and malware distribution techniques. Once installed, the malware can suppress security warnings and intercept large cryptocurrency transactions, swapping in a different recipient address and raising the transfer amount beyond the threshold. In September, Kaspersky conducted a thorough investigation into the BlueNoroff gang and found that it was using .iso and .vhd disk image files to deliver malware and new scripts.
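The transaction tampering described above (recipient swapped, amount inflated) is defeated when the wallet re-validates what it is about to sign against the intent the user confirmed on a separate, trusted channel. The following is an added example of that guard, not code from any wallet or from the report: the Intent and Transaction shapes, the threshold value and the addresses are all assumptions constructed for illustration.

```python
"""Re-validate a transfer against confirmed user intent just before signing.

Added example. The data shapes, the threshold and the addresses are constructed
assumptions, not the API of any real wallet.
"""
from __future__ import annotations

from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

# Constructed policy: transfers above this value need a second confirmation.
LARGE_TRANSFER_THRESHOLD = Decimal("10000")


@dataclass(frozen=True)
class Intent:
    """What the user confirmed out of band (e.g. read back from a hardware display)."""
    recipient: str
    amount: Decimal
    asset: str


@dataclass(frozen=True)
class Transaction:
    """What the signing routine has actually been handed."""
    recipient: str
    amount: Decimal
    asset: str


def normalize_address(addr: str) -> str:
    """Canonical form for comparison: strip whitespace, lower-case hex.

    Addresses are compared as whole strings; a single changed character is a
    different recipient, never a 'close enough' match.
    """
    return addr.strip().lower()


def parse_amount(text: str) -> Decimal:
    """Parse an amount as Decimal; floats would silently round large values."""
    try:
        return Decimal(text)
    except InvalidOperation as exc:
        raise ValueError(f"bad amount {text!r}") from exc


def validate_before_signing(intent: Intent, tx: Transaction,
                            second_confirmation: bool = False) -> list[str]:
    """Return the reasons to refuse signing; an empty list means the tx is safe to sign."""
    problems: list[str] = []
    if tx.asset != intent.asset:
        problems.append(f"asset changed: {intent.asset} -> {tx.asset}")
    if normalize_address(tx.recipient) != normalize_address(intent.recipient):
        problems.append("recipient changed from the confirmed address")
    if tx.amount != intent.amount:
        problems.append(f"amount changed: {intent.amount} -> {tx.amount}")
    # Threshold is enforced on the value actually being signed, so an inflated
    # amount cannot dodge the second confirmation the original amount had.
    if tx.amount > LARGE_TRANSFER_THRESHOLD and not second_confirmation:
        problems.append("large transfer without second confirmation")
    return problems


if __name__ == "__main__":
    # Constructed placeholder addresses (not real accounts).
    confirmed = Intent("0x" + "ab" * 20, parse_amount("5000"), "USDT")
    clean = Transaction("0x" + "AB" * 20, parse_amount("5000"), "USDT")
    tampered = Transaction("0x" + "cd" * 20, parse_amount("50000"), "USDT")
    print("clean:", validate_before_signing(confirmed, clean))
    print("tampered:", validate_before_signing(confirmed, tampered))
```

The point of the design is that the intent is captured on a channel the malware cannot edit, and the comparison happens as late as possible, inside the signing step, so anything modified in between is caught rather than signed.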

North Korea at the Forefront of Global Crypto Crime

North Korea has been at the forefront of cryptocurrency crime globally. From May 2022 until now, North Korean hackers are believed to have stolen over $1 billion worth of cryptocurrency. The Lazarus group has also been linked to high-profile phishing scams and malware distribution campaigns.

In one case, a user in the United Arab Emirates was infected by the BlueNoroff group after downloading a Word document titled "Shamjit Client Details Form.doc," which allowed the hackers to remotely access the user's computer and collect information while attempting to execute additional malware.