lazarusholic

Bluenoroff (APT38) Live Infrastructure Hunting

2025-06-23, Darkatlas
https://darkatlas.io/blog/bluenoroff-apt38-live-infrastructure-hunting
#BlueNoroff

Contents

North Korean threat actor designations overlap heavily, which makes attribution complex. As a result, some security researchers refer to all North Korean state-sponsored cyber operations collectively as the Lazarus Group rather than tracking individual clusters or subgroups such as Andariel, APT38 (Bluenoroff), and APT43 (Kimsuky). Among these, Bluenoroff, also tracked as APT38, is a financially motivated subgroup linked to North Korea's Reconnaissance General Bureau (RGB). Since its emergence around 2014, APT38 has conducted widespread attacks on banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT endpoints, and ATMs across at least 38 countries. Noteworthy incidents include the 2016 Bangladesh Bank heist, in which the group stole $81 million through fraudulent SWIFT transfers, and major compromises at Bancomext and Banco de Chile in 2018, some of which involved destructive payloads intended to cover the intruders' tracks and disrupt incident response.
Differentiating Lazarus Group & Bluenoroff (APT38)
Overview of Lazarus Group
- State Sponsorship: Backed by the North …

IoC

URLs
http://104.168.151.116
http://192.119.116.231
http://198.57.247.218
http://bellezalatam.com
http://156.154.132.200
http://198.54.117.242
http://140.82.20.246
http://104.168.136.24
http://192.64.119.169

IP addresses
198.54.117.242
104.168.136.24
156.154.132.200
140.82.20.246
198.57.247.218
104.168.151.116
192.119.116.231
192.64.119.169

SHA-256
dbe48dc08216850e93082b4d27868a7ca51656d9e55366f2642fc5106e3af980
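The list above mixes four indicator types (http:// URLs, bare IPv4 addresses, one domain, one SHA-256) and repeats every IP twice, once inside a URL and once bare. The following is an added example, not code from Darkatlas or from the original page: it normalizes the IoC block into a typed set and runs it over a few constructed proxy-log and hash-listing lines to show how the list turns into a hunt. The log lines, file paths and timestamps are constructed for the example; only the indicator values come from the page.

```python
"""Normalize the page's IoC list and hunt for it in sample log lines (added example)."""
import re
from ipaddress import ip_address

# IoC block copied from the page above: URLs, bare IPs, one domain, one SHA-256.
IOC_TEXT = """
http://104.168.151.116
http://192.119.116.231
http://198.57.247.218
http://bellezalatam.com
http://156.154.132.200
http://198.54.117.242
http://140.82.20.246
http://104.168.136.24
http://192.64.119.169
198.54.117.242
104.168.136.24
156.154.132.200
140.82.20.246
198.57.247.218
104.168.151.116
192.119.116.231
192.64.119.169
dbe48dc08216850e93082b4d27868a7ca51656d9e55366f2642fc5106e3af980
"""

# Candidate extractors. HOST_RE requires an alphabetic last label, so it never
# matches a dotted IPv4 or a decimal timestamp; IPV4_RE is validated below.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST_RE = re.compile(r"(?<![\w.-])(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?![\w.-])", re.I)
SHA256_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])")


def extract(text):
    """Yield (kind, value) for every IPv4, hostname and SHA-256 found in text.

    The same function serves both sides: it turns 'http://198.54.117.242' and a
    bare '198.54.117.242' into the identical ('ip', ...) tuple, so an IoC that
    appears twice on the page collapses to one indicator.
    """
    for m in IPV4_RE.finditer(text):
        try:
            yield ("ip", str(ip_address(m.group(0))))
        except ValueError:  # e.g. 999.1.1.1 or a dotted version string
            continue
    for m in HOST_RE.finditer(text):
        yield ("domain", m.group(0).lower())
    for m in SHA256_RE.finditer(text):
        yield ("sha256", m.group(0).lower())


def load_iocs(text=IOC_TEXT):
    """Parse the IoC block into a set of (kind, value) tuples."""
    return set(extract(text))


def scan_line(line, iocs):
    """Return the subset of iocs present in one log line."""
    return set(extract(line)) & iocs


def hunt(lines, iocs):
    """Return [(line_no, line, sorted_hits)] for every line carrying an IoC."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = scan_line(line, iocs)
        if hits:
            results.append((n, line, sorted(hits)))
    return results


# Constructed Squid-style proxy entries (assumed format; not real traffic).
SAMPLE_PROXY_LOGS = [
    "1718000001.123 10.0.0.15 TCP_MISS/200 GET http://bellezalatam.com/update.php - DIRECT/192.64.119.169 text/html",
    "1718000002.456 10.0.0.22 TCP_MISS/200 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html",
    "1718000003.789 10.0.0.31 TCP_TUNNEL/200 CONNECT 198.54.117.242:443 - DIRECT/198.54.117.242 -",
]

# Constructed sha256sum-style listing; the second hash is SHA-256 of the empty file.
SAMPLE_HASH_LINES = [
    "dbe48dc08216850e93082b4d27868a7ca51656d9e55366f2642fc5106e3af980  /tmp/sample-one.bin",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  /tmp/sample-two.bin",
]

if __name__ == "__main__":
    iocs = load_iocs()
    for kind in ("ip", "domain", "sha256"):
        print(kind, sorted(v for k, v in iocs if k == kind))
    for n, line, hits in hunt(SAMPLE_PROXY_LOGS + SAMPLE_HASH_LINES, iocs):
        print(f"line {n}: {hits}")
```

Because `extract` is applied to both the IoC block and the log lines, the match is on normalized values rather than raw strings, so a CONNECT to `198.54.117.242:443` matches the page's `http://198.54.117.242` entry. A hit on a bare IP still needs validation before it drives a block: addresses in commercial hosting ranges are reassigned, and a match is stronger when it co-occurs with the domain or the file hash from the same list.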