<ciso brief/>
Tag Banner

All news with #bluenoroff tag

all tags →

Wed, October 29, 2025

BlueNoroff Returns with GhostCall and GhostHire Campaigns

#BlueNoroff #Lazarus Group #Active Exploitation #Backdoor Found #Supply-Chain Incident #Data Exfil via Tools

🚨 BlueNoroff, a North Korea–linked subgroup of the Lazarus Group, has reemerged with two focused campaigns—GhostCall and GhostHire—targeting executives, Web3 developers and blockchain professionals. Operators use social engineering on Telegram and LinkedIn to stage fake investor meetings and recruiter coding tests, then deliver multi-stage, cross-platform malware. Samples were found written in Go, Rust, Nim and AppleScript and deploy implants such as DownTroy, CosmicDoor and Rootroy to harvest crypto keys, credentials and project assets.

read more →