BlueNoroff Reemerges with New Campaigns
North Korea-aligned threat actor BlueNoroff, also known as APT38 and TA444, has resurfaced with two new campaigns: "GhostCall" and "GhostHire".
These campaigns target executives, Web3 developers, and blockchain professionals, using social engineering tactics via platforms like Telegram and LinkedIn to deliver multi-stage malware chains.
- GhostCall and GhostHire use fake investor meetings and bogus recruiter tests to compromise macOS and Windows hosts.
- BlueNoroff is a financially motivated subgroup of the Lazarus Group, linked to the Reconnaissance General Bureau (RGB).
BlueNoroff is believed to operate the long-running SnatchCrypto campaign, with GhostCall and GhostHire appearing to be the latest extensions.
Author's summary: BlueNoroff launches new crypto theft campaigns.
More News
- From Reimagining Capitalism to Reweaving Ourselves: Leadership for a Sustainable and Caring Future in a World on Fire — Harvard ALI Social Impact Review
- We warned about the invisible ringleaders and the fact that the students’ interests have been submerged in the political ambitions of certain individuals
- Ogden’s homeless plan: Less affordable housing, more rent-a-cops - The Utah Investigative Journalism Project
- Coup scare: DSS and selective use of state power
- ‘Standby funds’ or pork barrel? How unprogrammed appropriations actually work