Bluenoroff Bypasses MoTW to Target Japanese Organizations

Threat Level
Actor Report

Summary

Bluenoroff is known for targeting financial institutions and government organizations and has been active since at least 2014. From September onwards, Bluenoroff threat actors added a new capability that bypasses the Mark of the Web (MotW) security feature in Microsoft Windows, specifically targeting Japanese organizations. MotW is a security feature that helps prevent malicious web pages from being loaded into Internet Explorer or other web browsers.