North Korean Threat Actor BlueNoroff Targets Web3 Sector
Summary
The North Korean threat actor BlueNoroff, also known as APT38 and TA444, has launched two new campaigns targeting the Web3 sector. These campaigns, dubbed GhostCall and GhostHire, focus on executives, Web3 developers, and blockchain professionals. The attacks use social engineering techniques on platforms like Telegram and LinkedIn to initiate multi-stage malware chains that compromise Windows, Linux, and macOS hosts. BlueNoroff is a financially motivated sub-cluster of the Lazarus Group, North Korea's state-sponsored cyber unit linked to the Reconnaissance General Bureau (RGB). The group is known for the long-running SnatchCrypto campaign, which has evolved to include comprehensive data acquisition across a range of assets. The harvested data is used to facilitate subsequent attacks, enabling supply chain attacks and leveraging established trust relationships to impact a broader range of users.
Timeline
- 03.11.2025 14:56 · 1 article · 7d ago
BlueNoroff Launches GhostCall and GhostHire Campaigns Targeting Web3 Sector
BlueNoroff, a sub-cluster of the Lazarus Group, has initiated two new campaigns, GhostCall and GhostHire, targeting the Web3 sector. Both campaigns use social engineering to compromise Windows, Linux, and macOS hosts through multi-stage malware chains. The group has broadened its data acquisition strategy from cryptocurrency and browser credential theft to comprehensive collection across a range of assets. The harvested data is used to facilitate subsequent attacks, enabling supply chain attacks and leveraging established trust relationships.
Sources:
- ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More — thehackernews.com — 03.11.2025 14:56
Information Snippets
- BlueNoroff, also known as APT38 and TA444, is a sub-cluster of the Lazarus Group, North Korea's state-sponsored cyber unit.
  First reported: 03.11.2025 14:56 · 1 source, 1 article. Sources:
  - ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More — thehackernews.com — 03.11.2025 14:56
- The GhostCall campaign uses social engineering via platforms like Telegram and LinkedIn to send fake meeting invites.
  First reported: 03.11.2025 14:56 · 1 source, 1 article. Sources:
  - ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More — thehackernews.com — 03.11.2025 14:56
- The GhostHire operation targets Web3 developers through fake job offers and recruitment tests.
  First reported: 03.11.2025 14:56 · 1 source, 1 article. Sources:
  - ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More — thehackernews.com — 03.11.2025 14:56
- BlueNoroff's strategy has evolved beyond cryptocurrency and browser credential theft to comprehensive data acquisition.
  First reported: 03.11.2025 14:56 · 1 source, 1 article. Sources:
  - ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More — thehackernews.com — 03.11.2025 14:56
- The harvested data is exploited to facilitate subsequent attacks, including supply chain attacks.
  First reported: 03.11.2025 14:56 · 1 source, 1 article. Sources:
  - ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More — thehackernews.com — 03.11.2025 14:56