DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Get Help
CyberMaterial
Home Alerts

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection

December 27, 2022
Reading Time: 2 mins read
in Alerts

 

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections.

This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today.

“BlueNoroff created numerous fake domains impersonating venture capital companies and banks,” security researcher Seongsu Park said, adding the new attack procedure was flagged in its telemetry in September 2022.

Some of the bogus domains have been found to imitate ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are located in Japan, signalling a “keen interest” in the region.

It’s worth pointing out that although MotW bypasses have been documented in the wild before, this is the first time they have been incorporated by BlueNoroff in its intrusions against the financial sector.

Also called by the names APT38, Nickel Gladstone, and Stardust Chollima, BlueNoroff is part of the larger Lazarus threat group that also comprises Andariel (aka Nickel Hyatt or Silent Chollima) and Labyrinth Chollima (aka Nickel Academy).

 

READ FULL ARTICLE

Tags: AlertsAlerts 2022APT38BlueNoroffDecember 2022ISO extensionLazarus groupMark of the WebMotWNickel GladstoneSeongsu ParkStardust ChollimaVHD extension
0
VIEWS
ADVERTISEMENT

Related Posts

Cyber Espionage in North Africa

Cyber Espionage in North Africa

June 9, 2023
Barracuda Urges ESG Appliance Replacement

Barracuda Urges ESG Appliance Replacement

June 9, 2023
North Korean Kimsuky: Targeting Experts

North Korean Kimsuky: Targeting Experts

June 9, 2023
Belarusian Hackers: Cybercrime and Espionage

Belarusian Hackers: Cybercrime and Espionage

June 9, 2023

More Articles

Incidents

Attackers Use Clipminer Cryptominer to Rake in $1.7M

June 6, 2022
Incidents

Cyber Attack on 3 Canadian Ports

April 13, 2023
Course

Introduction to Computer Science and Programming Using Python

October 19, 2020
Alerts

ABB security advisory (AV22-408)

July 22, 2022

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.