Once the hackers were logged into the computer, “they attempted to fingerprint the victim and install additional malware with high privileges,” however, the victim executed several commands to gather basic system information, preventing the malware from spreading out even more. Kaspersky also found that a user in the United Arab Emirates fell victim to the BlueNoroff group after downloading a Word document called “Shamjit Client Details Form.doc,” which allowed the hackers to connect to his computer and extract information as they attempted to execute even more potent malware. vhd disk image files to distribute viruses.
bat files circumvent Windows Mark-of-the-Web (MOTW) security measures, a hidden mark attached to files downloaded from the Internet to protect users against files from untrusted sources.Īfter a thorough investigation in late September, Kaspersky confirmed that in addition to using new scripts, the BlueNoroff group began using. However, they recently improved their techniques, creating a new Windows Batch file that allows them to extend the scope and execution mode of their malware. Until a few months ago, the BlueNoroff group used Word documents to inject malware. Also, they created numerous fake domains that look like venture capital and bank domains.” The Bluenoroff Group Perfected Its Infection Techniques “After researching the infrastructure that was used, we discovered more than 70 domains used by this group, meaning they were very active until recently. This December 27, Kaspersky Lab announced that the North Korean hacking group ‘BlueNoroff’ stole millions of dollars in cryptocurrencies after creating more than 70 fake domains and impersonating banks and venture capital firms.Īccording to the investigation, most of the domains mimicked Japanese venture capital firms, denoting a strong interest in user and company data within that country.
0 kommentar(er)
