SnatchCrypto campaign plants backdoors in crypto startups, DeFi, blockchain networks

A new campaign focused on emptying the cryptocurrency wallets of organizations in the financial and crypto spaces has been revealed by researchers. 

Dubbed SnatchCrypto, Kaspersky researchers said on Thursday that the campaign is the work of BlueNoroff, an advanced persistent threat (APT) group suspected of being connected to the larger Lazarus APT. 

Lazarus is a North Korean hacking unit tied to cyberattacks against banks and financial services. The APT specializes in SWIFT-based intrusions in countries including Vietnam, Bangladesh, Taiwan. Alongside Cobalt and FIN7, Blueliv recently branded the group as one of the top threats faced by FinTech firms today. 

“The group [BlueNoroff] seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure,” the researchers say.

According to Kaspersky, BlueNoroff has conducted a series of attacks against both small and medium-sized companies tied to cryptocurrency, virtual assets, the blockchain, smart contracts, decentralized finance (DeFI), and FinTech in general. 

BlueNoroff focuses on building – and abusing – trust to infiltrate company networks. Whether this is business communication and chats or wider social engineering techniques, the APT spends a lot of time and effort

Read More: