BlueNoroff
High Confidence • Critical Threat
Also known as: APT38 • Stardust Chollima • BeagleBoyz • Sapphire Sleet • COPERNICIUM
BlueNoroff is a North Korean threat actor and a subgroup of the larger Lazarus Group, specifically focused on financial gain to support the DPRK regime. Active since at least 2014, the group has conducted sophisticated attacks against banks, cryptocurrency exchanges, and financial institutions worldwide. BlueNoroff was responsible for the 2016 Bangladesh Bank heist that attempted to steal $951 million through SWIFT network manipulation. The group continues to target cryptocurrency platforms and DeFi protocols, generating hundreds of millions of dollars for North Korea's weapons programs.
Target Sectors
Target Regions
Attributed to the Reconnaissance General Bureau (RGB), North Korea. Attribution confidence: High.
Future Outlook
BlueNoroff is expected to continue operations targeting the Financial Services sector.
First observed activity of BlueNoroff
Continued active operations