BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections.
This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today.
“BlueNoroff created numerous fake domains impersonating venture capital companies and banks,” security researcher Seongsu Park said, adding the new attack procedure was flagged in its telemetry in September 2022.
