BlueNoroff hackers, part of the Lazarus hacking group linked to the North Korean government, have been identified deploying new techniques with an updated arsenal in a recent wave of attacks. The campaign is targeting banks and venture capital firms with financial motivations. In the past, the group has been known to target financial institutions, cryptocurrency firms, and more. The group was silent for several months before the recent spate of attacks.

The recent attacks leverage new malware, updated delivery techniques, and new methods of avoiding detection and bypassing Microsoft protections. The hackers are distributing decoy Office documents that allows them to spread malware without prompting the MotW warning that is typically displayed by Windows when a user attempts to access a document from the internet. BlueNoroff seeks to infect organizations in order to intercept crypto transfers. To do so, the hacking group has registered 70 fake domains mimicking well-known and legitimate brands, banks, and venture capital firms.

Read More: North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains