HomeWinBuzzer NewsMicrosoft Detects Shift in Tactics by North Korean "BlueNoroff" Hackers Targeting Crypto...

Microsoft Detects Shift in Tactics by North Korean “BlueNoroff” Hackers Targeting Crypto Firms

The notorious North Korean hacking group, BlueNoroff, has pivoted its tactics, shifting from social engineering to creating deceptive websites disguised as skills assessment portals.


has confirmed that the North Korean group, BlueNoroff or Lazarus Group, known for its cryptocurrency theft through social engineering, has shifted its strategy in recent weeks. According to Microsoft Threat Intelligence security professionals, the group has been developing new websites that are disguised as skills assessment portals, indicating a change in the threat actor's techniques.

Targeted Cryptocurrency Theft

These skill assessment-posing websites are reportedly password-protected to block scrutiny and mimic legitimate services to entice recruitment professionals to set up accounts. The intent, as outlined by Microsoft, appears to be establishing a base for hosting malicious payloads while avoiding detection and subsequent takedown attempts that have previously affected operations conducted on legitimate services like GitHub.

BlueNoroff has made headlines before, having utilized social platforms such as LinkedIn for initial contact with potential targets. They move successful communications to other platforms, where malware camouflaged within seemingly harmless documents gets deployed. Jamf Threat Labs had previously linked the group to the ObjCShellz macOS malware, prompting concerns across platforms.

Global Threat Landscape

With a history of significant attacks, such as the Axie Infinity's Ronin network bridge hack where they siphoned over $617 million in cryptocurrency, BlueNoroff's activities continue to draw the attention of international law enforcement agencies. They are also held responsible for a series of attacks against cryptocurrency startups and financial organizations spanning a host of countries including, but not limited to, the United States, , China, India, and the United Kingdom.

In 2022, the Lazarus Group was using Windows Updates as a target. the group was using  to deliver malware through a GitHub command-and-control (C2) server, security researchers warn. According to Malwarebytes Threat Intelligence, the Lazarus Group was masking itself as American aerospace juggernaut Lockheed Martin.

In addition to the ongoing , the group has been linked by Kaspersky to a sustained assault on institutions worldwide, hence prompting a response from the US Treasury in 2019, which sanctioned BlueNoroff alongside other North Korean groups like Lazarus Group and Andariel. These sanctions underscore the group's direct connection to the North Korean government, funneling stolen financial assets to the state's programs.

Microsoft's identification of these new techniques aligns with a consistent pattern of advancement in cyber threat methods, where groups like BlueNoroff evolve in response to enhanced measures. Entities, particularly within the cryptocurrency space, are advised to remain cautious of unsolicited communications and to follow cybersecurity best practices to defend against such sophisticated stratagems.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News