BlueNorOff is a financially motivated hacking group known for attacking cryptocurrency exchanges and financial organisations such as venture capital firms and banks worldwide.

BlueNorOff, a North Korean state-backed threat group that targets macOS users, has developed new macOS malware known as ObjCShellz, which opens a remote shell on compromised machines.

According to Jamf Threat Labs, which disclosed details of the malware, ObjCShellz is a later stage of the RustBucket campaign that Jamf revealed earlier this year; the link is based on overlapping command-and-control infrastructure.

The command-and-control (C2) domain, swissborg[.]blog, mimics the legitimate cryptocurrency exchange's blog at swissborg.com/blog. The C2 URL is not stored in the binary as one string: it is kept as two fragments that are concatenated at runtime, so a static search of the binary's strings for the full URL does not find it.

In this campaign, the actor reaches out to a target posing as an investor or headhunter, claiming to be interested in a partnership or offering something beneficial. To blend in with normal network activity, BlueNorOff registers domains that appear to belong to legitimate crypto companies.
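As an added example (not code from Jamf's report or from the ObjCShellz sample itself), the following Python shows why a C2 URL stored as two fragments and joined at runtime defeats a plain `strings | grep` indicator match, and one cheap way a scanner can still flag it: re-join adjacent strings before matching, then check whether the recovered host reuses a legitimate brand's label under a different top-level domain, which covers the look-alike domains described above. The byte blob standing in for the binary's string section, the split point, and the filler strings are constructed assumptions; the real sample's layout is not reproduced here.

```python
"""Added example: not code from Jamf's report or from the ObjCShellz sample.
Shows why storing a C2 URL as two string fragments defeats a plain indicator
match over `strings` output, and one way a scanner can still catch it:
re-join adjacent strings, then flag hosts that reuse a legitimate brand's
second-level label under a different TLD."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed stand-in for a binary's C-string section (NUL-separated). The
# split point and the filler strings are assumptions for illustration; they
# are not the real sample's layout.
FAKE_STRING_SECTION = (
    b"NSObject\x00"
    b"https://swiss\x00"        # first fragment of the C2 URL
    b"borg.blog/\x00"           # second fragment, concatenated at runtime
    b"POST\x00"
    b"application/json\x00"
    b"/bin/zsh\x00"
    b"-c\x00"
)

# Look-alike C2 host (assumed indicator) and the legitimate domain it imitates.
C2_INDICATORS = ["swissborg.blog"]
LEGIT_DOMAINS = ["swissborg.com"]


def extract_strings(blob: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs of at least min_len bytes, like `strings -n 4`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]


def naive_match(strings: List[str], indicators: List[str]) -> List[str]:
    """Flag any single extracted string containing an indicator (what a plain
    `strings | grep` would do). Misses an indicator split across strings."""
    return [s for s in strings if any(ind in s for ind in indicators)]


def fragment_match(strings: List[str], indicators: List[str],
                   window: int = 3) -> Dict[str, List[str]]:
    """Re-join runs of up to `window` adjacent strings before matching, so an
    indicator split across fragments is found. Returns, per indicator, the
    shortest run of fragments that reproduces it."""
    found: Dict[str, List[str]] = {}
    for n in range(2, window + 1):
        for i in range(len(strings) - n + 1):
            joined = "".join(strings[i:i + n])
            for ind in indicators:
                if ind not in found and ind in joined:
                    found[ind] = strings[i:i + n]
    return found


def lookalike_of(host: str, legit: List[str]) -> Optional[str]:
    """Return the legitimate domain a host imitates when it reuses that
    domain's second-level label under a different TLD, else None."""
    labels = host.lower().strip("/").split(".")
    if len(labels) < 2:
        return None
    sld, tld = labels[-2], labels[-1]
    for domain in legit:
        l_sld, l_tld = domain.lower().split(".")[-2:]
        if sld == l_sld and tld != l_tld:
            return domain
    return None


def scan(blob: bytes) -> dict:
    """Run both matchers over the string section and classify any host found."""
    strings = extract_strings(blob)
    fragments = fragment_match(strings, C2_INDICATORS)
    hosts = []
    for parts in fragments.values():
        host = urlparse("".join(parts)).hostname
        if host:
            hosts.append(host)
    return {
        "naive_hits": naive_match(strings, C2_INDICATORS),
        "fragment_hits": fragments,
        "lookalikes": {h: lookalike_of(h, LEGIT_DOMAINS) for h in hosts},
    }


if __name__ == "__main__":
    result = scan(FAKE_STRING_SECTION)
    print("naive:", result["naive_hits"])        # [] -> the split defeats it
    print("fragments:", result["fragment_hits"])  # {'swissborg.blog': ['https://swiss', 'borg.blog/']}
    print("lookalikes:", result["lookalikes"])    # {'swissborg.blog': 'swissborg.com'}
```

Run it directly to see the naive matcher return nothing while the fragment matcher recovers the URL and the host is classified as a look-alike of swissborg.com. The window of three adjacent strings is a trade-off: a larger window catches longer splits but raises false positives, so in practice you would pair this with a check that the joined fragments are actually referenced together by the code, or hunt for the concatenation itself (an `NSString` built from two literals right before a network call).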

Unlike the payloads seen in earlier BlueNorOff attacks, ObjCShellz is written in Objective-C; once dropped, it opens a remote shell on the compromised macOS system.

It is used post-compromise to execute arbitrary commands, and the binary runs on both Intel and Arm (Apple silicon) Macs.

Despite being relatively simple, the malware is fully functional and lets the attackers accomplish their objectives. Jamf noted that this "is a theme with the latest malware we've seen from this group."

The BlueNorOff hackers were linked to a string of attacks targeting cryptocurrency startups across the globe last year, including in the U.S., Russia, China, India, the U.K., Ukraine, Poland, Czech Republic, UAE, Singapore, Estonia, Vietnam, Malta, Germany, and Hong Kong.

U.S. Treasury sanctioned BlueNorOff and two other North Korean hacking groups (Lazarus Group and Andariel) in 2019 for funnelling stolen assets to the North Korean government.

Four years ago, a United Nations report estimated that North Korean state hackers had stolen $2 billion from banks and cryptocurrency exchanges across more than a dozen countries.

The FBI also attributed the hack of Axie Infinity's Ronin network bridge, the largest cryptocurrency theft at the time (March 2022), to Lazarus and BlueNorOff hackers, who stole 173,600 ETH and 25.5 million USDC, worth about $617 million.
