BlueNoroff is the name Kaspersky researchers coined for an APT group while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. It is a mysterious group with links to Lazarus and a financial motivation that is unusual for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources, be it malware implants, exploits, or infrastructure.
Russian Federation, Poland, Slovenia, Ukraine, Czechia, China, India, United States of America, Hong Kong, Singapore, United Arab Emirates, Viet Nam
T1192 - Spearphishing Link, T1059.005 - Visual Basic, T1059.001 - PowerShell, T1055.001 - Dynamic-link Library Injection, T1056.001 - Keylogging, T1113 - Screen Capture, T1132 - Data Encoding, T1027 - Obfuscated Files or Information, T1119 - Automated Collection, T1176 - Browser Extensions