North Korean Hackers Are Posing As Venture Capitalists To Steal Crypto Assets: Security Firm

A unit of the North Korean state-sponsored hacker Lazarus Group is impersonating financial and investment firms to steal crypto assets.

According to security firm Kaspersky, the group known as BlueNorOff is creating fake domains that look like those of legitimate venture capital and banking companies.

“The actor usually used fake domains such as cloud hosting services for hosting malicious documents or payloads.”

The firms that the hackers imitate are mostly based in Japan, including Beyond Next Ventures, ANOBAKA, Angel Bridge, ABF Capital, Sumitomo Mitsui Banking Corporation, Mitsubishi UFJ Financial Group and Z Venture, suggesting of BlueNorOff’s interest in Japanese financial entities.

“Most of the companies are Japanese companies, indicating the actor has a keen interest in Japanese markets.”

The cybersecurity company says that one of BlueNorOff’s victims appears to be a home financing company based in the United Arab Emirates (UAE). Kaspersky says the infection was made through malware with a Japanese file name, indicating that the target can read Japanese.

“Based on the domain naming and decoy documents, we assume, with low confidence, that the entities in Japan are on the radar of this group. In one PowerPoint sample, we observed that the actor took advantage of a Japanese venture capital company.”

 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Suvit Topaiboon/Zalevska Alona UA