
Major cryptocurrency losses for SMBs from BlueNoroff threat actor

By Shannon Williams
Thu 20 Jan 2022

Kaspersky experts have uncovered a series of attacks by advanced persistent threat (APT) actor BlueNoroff against small and medium-sized companies worldwide, resulting in major cryptocurrency losses for the victims.

The campaign, dubbed SnatchCrypto, is aimed at various companies that, by the nature of their work, deal with cryptocurrencies and smart contracts, DeFi, Blockchain, and the FinTech industry.

In BlueNoroff's most recent campaign, the attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions under the guise of a contract or another business file. In order to eventually empty the victim's crypto wallet, the actor has developed extensive and dangerous resources: complex infrastructure, exploits, malware implants.

BlueNoroff is part of the larger Lazarus group and uses their diversified structure and sophisticated attack technologies. The Lazarus APT group is known for attacks on banks and servers connected to SWIFT, and has even engaged in the creation of fake companies for the development of cryptocurrency software. The deceived clients subsequently installed legitimate-looking apps and, after a while, received backdoored updates.

Kaspersky says this Lazarus branch has now switched to attacking cryptocurrency startups. As most cryptocurrency businesses are small or medium-sized startups, they cannot invest heavily in their internal security. The actor understands this and takes advantage of it with elaborate social engineering schemes, Kaspersky says.

To gain the victims' trust, BlueNoroff pretends to be an existing venture capital company. Kaspersky researchers uncovered over 15 venture businesses whose brand names and employee names were abused during the SnatchCrypto campaign. Kaspersky experts also believe that the real companies have nothing to do with this attack or the emails. The start-up crypto sphere was chosen by cybercriminals for a reason: startups often receive letters or files from unfamiliar sources. For example, a venture company may send them a contract or other business-related files. The APT actor uses this as bait to make victims open the email attachment, a macro-enabled document.

An attentive user may spot that something fishy is happening while MS Word shows a standard loading popup window.

If the document were opened offline, the file would not do anything dangerous - most likely, it would look like a copy of some kind of contract or another harmless document. But if the computer is connected to the Internet when the file is opened, another macro-enabled document is fetched to the victim's device, deploying malware.
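A practical check for the behaviour described above is to look inside a Word file before it is opened and ask whether it references anything outside itself. The script below is an added example, not code from the article or from Kaspersky: it walks the OOXML relationship parts of a .docx/.docm archive, reports every relationship marked TargetMode="External" (an external attached template is one common way a document fetches a second file on open; that mechanism is an assumption here, since the article does not say which one this campaign used), and notes whether the archive carries a VBA project, i.e. is macro-enabled. The sample document is constructed in memory so the script runs offline; example.invalid is a placeholder host.

```python
import io
import xml.etree.ElementTree as ET
import zipfile
from typing import Optional

# OOXML relationship type for an attached (remote) template; the URI fragment is a
# well-known value from the Office Open XML specification.
ATTACHED_TEMPLATE = "attachedTemplate"


def build_sample_docx(external_target: Optional[str], with_vba: bool = False) -> bytes:
    """Construct a minimal .docx-like archive for demonstration (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        rels = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        if external_target:
            rels += (
                '<Relationship Id="rId1" '
                'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
                f'Target="{external_target}" TargetMode="External"/>'
            )
        rels += "</Relationships>"
        z.writestr("word/_rels/settings.xml.rels", rels)
        if with_vba:
            z.writestr("word/vbaProject.bin", b"\x00")  # placeholder bytes, not a real VBA project
    return buf.getvalue()


def has_vba_project(docx_bytes: bytes) -> bool:
    """True when the archive carries a VBA project part (macro-enabled document)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return any(name.lower().endswith("vbaproject.bin") for name in z.namelist())


def find_external_relationships(docx_bytes: bytes) -> list:
    """Return every relationship whose target lies outside the archive.

    Each finding records the .rels part, the short relationship type, the raw target and
    whether that target is remote (http(s) URL or UNC path).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.lower().endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter():  # tags are namespaced, so match on attributes instead
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                findings.append({
                    "part": name,
                    "type": rel.get("Type", "").rsplit("/", 1)[-1],
                    "target": target,
                    "remote": target.lower().startswith(("http://", "https://", "\\\\")),
                })
    return findings


def assess(docx_bytes: bytes) -> str:
    """Summarise the two indicators the article describes: remote fetch on open, and macros."""
    remote = [f for f in find_external_relationships(docx_bytes) if f["remote"]]
    templates = [f for f in remote if f["type"] == ATTACHED_TEMPLATE]
    if templates:
        return "SUSPICIOUS: remote attached template " + templates[0]["target"]
    if remote:
        return "REVIEW: remote external relationship " + remote[0]["target"]
    if has_vba_project(docx_bytes):
        return "REVIEW: macro-enabled document with no external references"
    return "OK: no external references, no macros"


if __name__ == "__main__":
    # Constructed samples: one document that would fetch a remote template on open, one benign.
    for label, doc in [
        ("contract_with_remote_template.docm", build_sample_docx("https://example.invalid/contract.dotm", with_vba=True)),
        ("plain_contract.docx", build_sample_docx(None)),
    ]:
        print(f"{label}: {assess(doc)}")
```

To scan a real file, pass `open(path, "rb").read()` to `assess()`; a document that is harmless when opened offline but pulls a template from the network is exactly the case that shows up as a remote attachedTemplate relationship.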

This APT group has various methods in its infection arsenal and assembles the infection chain depending on the situation. Besides weaponised Word documents, the actor also spreads malware disguised as zipped Windows shortcut files. These send the victim's general information and a PowerShell agent, which then creates a full-featured backdoor. Using this, BlueNoroff deploys other malicious tools to monitor the victim: a keylogger and a screenshot taker.

According to Kaspersky, the attackers then track victims for weeks and months: they collect keystrokes and monitor the daily operations of the user, while planning a strategy for financial theft. Having found a prominent target that uses a popular browser extension to manage crypto wallets (for example, the Metamask extension), they replace the main component of the extension with a fake version.

The researchers say the attackers receive a notification upon discovering large transfers. When the compromised user attempts to transfer funds to another account, they intercept the transaction process and inject their own logic. To complete the initiated payment, the user then clicks the "approve" button. At this moment, the cybercriminals change the recipient's address and maximise the transaction amount, essentially draining the account in one move.

The group is currently active and attacks users regardless of which country they are from.

"As attackers continuously come up with a lot of new ways to trick and abuse, even small businesses should educate their employees on basic cybersecurity practices," says Seongsu Park, senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT).

"It is especially essential if the company works with crypto wallets: there is nothing wrong with using cryptocurrency services and extensions, but note that it is also an attractive target for APT and cybercriminals alike. Therefore, this sector needs to be well protected."

To protect organisations, Kaspersky suggests the following:

  • Provide your staff with basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques.
  • Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
  • The injected extension is hard to spot manually unless you are very familiar with the Metamask codebase. However, modifying a Chrome extension leaves a trace: the browser has to be switched to Developer Mode and the Metamask extension installed from a local directory instead of the online store. If the plugin comes from the store, Chrome enforces digital signature validation for the code and guarantees code integrity. So, if you are in doubt, check your Metamask extension and Chrome settings right now.
  • Install anti-APT and EDR solutions, enabling threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within the Kaspersky Expert Security framework.
  • Along with proper endpoint protection, dedicated services can help against high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop attacks in their early stages, before the attackers achieve their goals.
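The "check your Metamask extension and Chrome settings" advice above can be turned into a repeatable check rather than a manual look through chrome://extensions. The script below is an added example and is not code from the article or from Kaspersky. It reads Chrome's extension settings from the profile's preferences JSON and flags any extension that was loaded unpacked via Developer Mode, sits at an absolute path outside the profile's Extensions directory, or lacks the from_webstore marker. The assumptions: extension settings live under extensions.settings in the profile's "Secure Preferences" (falling back to "Preferences"), and the location value 4 means an unpacked extension, as in Chromium's ManifestLocation enum. The preferences document and extension IDs used in the demo are constructed placeholders, not real installations.

```python
import json
import os
from pathlib import PureWindowsPath
from typing import Optional

# Chromium's ManifestLocation enum value for an extension loaded from a local directory
# with Developer Mode enabled (assumption: taken from the Chromium source).
LOCATION_UNPACKED = 4

# Constructed sample of the relevant slice of a Chrome profile's preferences JSON.
# The 32-letter IDs below are placeholders, not real extension IDs.
SAMPLE_PREFS = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "location": 1,                              # installed from the Web Store
                "from_webstore": True,
                "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/10.8.1_0",  # relative, under the profile
                "manifest": {"name": "Store Wallet", "version": "10.8.1"},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "location": LOCATION_UNPACKED,              # loaded via Developer Mode
                "from_webstore": False,
                "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\wallet-ext",  # absolute, outside profile
                "manifest": {"name": "Store Wallet", "version": "10.8.1"},
            },
        }
    }
}


def load_chrome_prefs(profile_dir: str) -> dict:
    """Read extension settings from a Chrome profile directory.

    On Windows builds the extension settings are kept in 'Secure Preferences';
    'Preferences' is tried as a fallback (assumption about file layout).
    """
    for fname in ("Secure Preferences", "Preferences"):
        path = os.path.join(profile_dir, fname)
        if os.path.exists(path):
            with open(path, "r", encoding="utf-8") as fh:
                prefs = json.load(fh)
            if prefs.get("extensions", {}).get("settings"):
                return prefs
    return {}


def find_sideloaded_extensions(prefs: dict, name_filter: Optional[str] = None) -> list:
    """Return extensions whose provenance is not the Web Store, with the reasons."""
    settings = prefs.get("extensions", {}).get("settings", {})
    flagged = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        name = manifest.get("name", "")
        if name_filter and name_filter.lower() not in name.lower():
            continue
        path = entry.get("path", "")
        reasons = []
        if entry.get("location") == LOCATION_UNPACKED:
            reasons.append("location=unpacked (loaded via Developer Mode)")
        if PureWindowsPath(path).is_absolute() or path.startswith("/"):
            reasons.append("absolute install path outside the profile's Extensions directory")
        if not entry.get("from_webstore", False):
            reasons.append("from_webstore is false")
        if reasons:
            flagged.append({
                "id": ext_id,
                "name": name,
                "version": manifest.get("version"),
                "path": path,
                "reasons": reasons,
            })
    return flagged


def report(prefs: dict, name_filter: Optional[str] = None) -> str:
    """Human-readable summary suitable for a quick workstation check."""
    flagged = find_sideloaded_extensions(prefs, name_filter)
    if not flagged:
        return "OK: every matching extension came from the Web Store"
    lines = []
    for f in flagged:
        lines.append(f"FLAG {f['id']} '{f['name']}' {f['version']} at {f['path']}")
        lines.extend("  - " + r for r in f["reasons"])
    return "\n".join(lines)


if __name__ == "__main__":
    # Demo on the constructed sample; on a real host pass the profile directory instead, e.g.
    # report(load_chrome_prefs(os.path.expandvars(r"%LOCALAPPDATA%\Google\Chrome\User Data\Default")))
    print(report(SAMPLE_PREFS, name_filter="wallet"))
```

Two entries with the same name and version but different provenance, as in the constructed sample, is the signal to look for: a store-signed extension lives at a relative path under the profile, while a replacement loaded from disk shows up as unpacked with an absolute path. Running the check across a fleet is a matter of pointing `load_chrome_prefs()` at each user's profile directory.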