BlueNoroff Reemerges with New Campaigns
North Korea-aligned threat actor BlueNoroff, also known as APT38 and TA444, has resurfaced with two new campaigns: GhostCall and GhostHire.
These campaigns target executives, Web3 developers, and blockchain professionals, using social engineering tactics via platforms like Telegram and LinkedIn to deliver cross-platform malware.
- GhostCall and GhostHire use fake investor meetings and bogus recruiter tests to compromise macOS and Windows hosts.
- The campaigns are part of BlueNoroff's efforts to steal crypto and conduct espionage.
BlueNoroff is a financially motivated subgroup of the Lazarus Group, North Korea's state-sponsored cyber unit linked to the Reconnaissance General Bureau (RGB).
Author's summary: BlueNoroff launches new crypto theft campaigns.