Report | Severity: High | 2022-01-13
Kaspersky exposes SnatchCrypto campaign draining cryptocurrency startups
published by Kaspersky (Securelist)
Actor
DPRK state-sponsored intrusion set treated by most vendors as the financial-operations subgroup of Lazarus, attributed to the Reconnaissance General Bureau. Responsible for the major SWIFT-network ba…
Summary
Kaspersky published 'The BlueNoroff cryptocurrency hunt is still on', detailing a multi-year campaign it tracks as SnatchCrypto, in which BlueNoroff posed as venture capital firms to spearphish fintech, DeFi and blockchain startups. The actor delivered weaponised Office documents and Windows shortcut (LNK) files, surveilled compromised hosts for weeks before acting, and in high-value cases replaced the victim's MetaMask browser extension with a trojanised build that silently altered outgoing transactions at signing time.
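A swapped-in wallet extension cannot come from the Chrome Web Store, so its install provenance is the first thing to triage on a suspected host. The script below is an added example for this card, not code from Kaspersky or MetaMask: it parses the extensions.settings object that Chrome keeps in a profile's Preferences or Secure Preferences JSON and flags extensions that were loaded unpacked, from an absolute local path, or with from_webstore set to false, escalating when the flagged entry is (or claims to be) MetaMask. The field names and the ManifestLocation numbering follow Chromium's preference layout as the author understands it, and the MetaMask store ID is an assumption to verify against the store listing; the sample preferences are constructed, not a real capture.

```python
"""Triage Chrome extension provenance for a sideloaded wallet extension.

Added example, not Kaspersky's or MetaMask's code. Assumptions (verify on a
real profile): Chromium stores per-extension metadata under
extensions.settings.<id> with keys "path", "location", "from_webstore" and
"manifest"; "location" uses Chromium's ManifestLocation enum.
"""
import json
from dataclasses import dataclass, field

# Assumed Chrome Web Store ID of MetaMask; confirm against the store listing.
METAMASK_ID = "nkbihfbeogaeaoehlefnkodbefgpgknn"

# Assumed Chromium ManifestLocation values (extensions/common/manifest.h).
LOCATION_INTERNAL = 1        # installed through the Web Store
LOCATION_COMPONENT = 5       # shipped with the browser
LOCATION_UNPACKED = 4        # "Load unpacked" in developer mode
LOCATION_EXTERNAL_COMPONENT = 10
LOCATION_NAMES = {1: "internal", 2: "external_pref", 3: "external_registry",
                  4: "unpacked", 5: "component", 6: "external_pref_download",
                  7: "external_policy_download", 8: "command_line",
                  9: "external_policy", 10: "external_component"}
TRUSTED_LOCATIONS = (LOCATION_INTERNAL, LOCATION_COMPONENT, LOCATION_EXTERNAL_COMPONENT)


@dataclass
class Finding:
    ext_id: str
    name: str
    reasons: list = field(default_factory=list)


def _is_absolute(path: str) -> bool:
    """Store-installed extensions use a relative '<id>/<version>' path;
    a drive-letter, POSIX root or UNC path means the files came from elsewhere."""
    return path.startswith("/") or path.startswith("\\\\") or (len(path) > 1 and path[1] == ":")


def triage_extensions(prefs: dict) -> list:
    """Return a Finding for every extension with non-store provenance."""
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        name = entry.get("manifest", {}).get("name", "")
        f = Finding(ext_id, name)
        loc = entry.get("location")
        if loc == LOCATION_UNPACKED:
            f.reasons.append("installed unpacked (developer mode)")
        elif loc is not None and loc not in TRUSTED_LOCATIONS:
            f.reasons.append(f"non-store install location: {LOCATION_NAMES.get(loc, loc)}")
        if entry.get("from_webstore") is False:
            f.reasons.append("from_webstore is false")
        path = entry.get("path", "")
        if _is_absolute(path):
            f.reasons.append(f"loaded from local path: {path}")
        # A "MetaMask" that does not carry the store ID is an impostor; the real
        # ID with non-store provenance is the replacement-at-signing pattern.
        if "metamask" in name.lower() and ext_id != METAMASK_ID:
            f.reasons.append("claims to be MetaMask but ID differs from the store ID")
        if ext_id == METAMASK_ID and f.reasons:
            f.reasons.append("wallet extension with non-store provenance: escalate")
        if f.reasons:
            findings.append(f)
    return findings


def load_prefs(path: str) -> dict:
    """Read a Chrome 'Preferences' or 'Secure Preferences' file from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample: a sideloaded MetaMask next to a store-installed extension.
SAMPLE_PREFS = json.loads(r'''{
  "extensions": {"settings": {
    "nkbihfbeogaeaoehlefnkodbefgpgknn": {
      "manifest": {"name": "MetaMask", "version": "1.0.0"},
      "path": "C:\\Users\\cfo\\AppData\\Local\\MetaMask-ext",
      "location": 4, "from_webstore": false},
    "abcdefghijklmnopabcdefghijklmnop": {
      "manifest": {"name": "Benign Extension", "version": "1.0.0"},
      "path": "abcdefghijklmnopabcdefghijklmnop\\1.0.0_0",
      "location": 1, "from_webstore": true}
  }}}''')


if __name__ == "__main__":
    for finding in triage_extensions(SAMPLE_PREFS):
        print(finding.ext_id, finding.name)
        for reason in finding.reasons:
            print("  -", reason)
```

On a live host, call triage_extensions(load_prefs(path)) for each profile directory; an empty result does not prove the extension is clean (a store-installed build can still be replaced on disk), so compare the on-disk files against a known-good copy before closing the case.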
Tags
cryptocurrency, spearphishing, metamask, snatchcrypto
Primary source
securelist.com
Other BlueNoroff events
- 2023-11-01Elastic Security Labs exposes KANDYKORN macOS intrusion at crypto exchange
- 2023-04-21Jamf Threat Labs discloses RustBucket macOS malware tied to BlueNoroff
- 2022-04-18CISA/FBI/Treasury joint advisory AA22-108A on TraderTraitor
- 2017-04-03Securelist 'Lazarus Under the Hood' details Bangladesh Bank SWIFT heist