Targeting of cryptocurrency exchanges in DangerousPassword campaign
Date of report
  • May 2023
BlueNoroff, a subcluster of the threat actor Lazarus Group, sent malicious shortcut files to cryptocurrency exchanges as part of an expansion of its DangerousPassword campaign. The malware was distributed both over email and through LinkedIn messages.
Suspected victims
  • Cryptocurrency exchanges in Japan and other countries
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Yes
Policy response
Suspected state sponsor response