The notorious Lazarus Group subcluster BlueNoroff has been seen incorporating fresh strategies into its playbook to get around Windows Mark of the Web (MotW) security measures.
In research released today, Kaspersky revealed that this includes the use of the virtual hard disk (.VHD extension) and optical disc image (.ISO extension) file formats as components of a novel infection chain.
Security researcher Seongsu Park stated that “BlueNoroff developed multiple phony domains imitating banks and venture capital firms,” adding that the new attack technique was noted in its telemetry in September 2022.
The fake domains discovered so far impersonate ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are based in Japan. This indicates a “strong interest” in the region.
Read the complete article: BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection.