The Home of the Security Bloggers Network
Home » Security Boulevard (Original) »
Cybersecurity firm Kaspersky recently published an analysis that detailed how a North Korean threat actor, which it called the BlueNoroff group, is stealing cryptocurrency by bypassing the “Mark of the Web” flag security feature within the Windows operating system.
Kaspersky’s advisory is only the latest in a string of cybersecurity research pointing to North Korean cyberattack aggression. In the fall and winter of 2022, the Menlo Labs research team published an analysis of attacks that used exploit templates to deliver malware, such as FormBook, Snake Keylogger and SmokeLoader. Identical indicators of compromise (IoCs) led the researchers to conclude the threat actor was tied to the North Korean threat actor Lazarus Group.
Additionally, ReversingLabs malware researcher Joseph Edwards examined ZetaNile, a set of open source software Trojans reportedly used by Lazarus to attack Japanese cryptocurrency firms and U.S. energy companies.
“It is evident that this group has a robust track record and continues to reinvent its techniques to carry out attacks on its targets,” Edwards wrote.
The U.S. and Republic of Korea (ROK) governments are actively taking steps to mitigate the North Korean cybersecurity threat. In May 2022, during a U.S. and ROK summit between president Joe Biden and president Yoon Suk-yeol, the two leaders recommitted to creating a joint cybersecurity working group that would try to mitigate North Korean digital attacks, especially financial-related crimes. Following that meeting, the Center for a New American Security published its analysis of the North Korean cybersecurity threat.
That report detailed the think tank’s recommendations, laying out suggestions for joint state-sponsored attack deterrence. The analysis found that, to deter attacks that targeted the U.S.’s and the ROK’s social, financial and cyberinfrastructure, the two countries should:
While the Center for a New American Security’s report focused on mitigating North Korean threat actors, it also noted that both nations need to pay attention to other state-sponsored threat actors, specifically China and Russia. Although the current focus of the U.S.–ROK joint cybersecurity working group is on North Korea–sponsored cyber-enabled financial crime efforts, Washington and Seoul should consider future research that includes cybersecurity threats from other state-sponsored actors, the report stated.
More Webinars 
Mitigating the North Korean Cybersecurity Threat – Security Boulevard
