Hackers From North Korea Hitting Financial Targets

November 13, 2023


The North Korean government-backed hacking group BlueNoroff APT is targeting financial institutions with malware that affects Mac devices, as reported in Recorded Future News. The strain is dangerous because it is masked as legitimate software.

According to the U.S. Treasury Department, BlueNoroff APT is a subgroup of Lazarus, the best-known North Korean government hackers. BlueNoroff hits venture capital firms, banks, and cryptocurrency exchanges with financially motivated attacks.

The U.S. Treasury Department says, “Cybersecurity firms first noticed this group as early as 2014 when North Korea’s cyber efforts began to focus on financial gain in addition to obtaining military information, destabilizing networks, or intimidating adversaries.”

The Treasury says that by 2018, the group had attempted to steal more than $1.1 billion from targets and had carried out attacks against numerous banks, mostly in Southeast Asia. It stole $80 million from the Central Bank of Bangladesh’s New York Federal Reserve account.

“The discovery of the new malware strain by Jamf Threat Labs is significant because it shows that BlueNoroff is continuing to develop new and sophisticated malware,” says Ngoc Bui, a cybersecurity expert at Menlo Security. “The fact that the malware was undetected by VirusTotal at the time of uploading suggests that BlueNoroff is taking steps to evade detection.”

In 2019, the U.S. Treasury Department sanctioned BlueNoroff. It said the group was formed by the North Korean government to earn revenue in response to increased global sanctions and for its nuclear weapons and ballistic missile programs.

Researchers became interested after discovering malware that had not been submitted to VirusTotal, a repository for malicious software. Submissions from Japan and the U.S. were looking into the malware in September and October.

Previously, the group used phishing emails posing as job recruiters to infect targets with backdoor malware that can steal data and remotely control infected systems.
