Bluenoroff Bypasses MotW to Target Japanese Organizations
Threat Level
Actor Report
Summary
Bluenoroff is known for targeting financial institutions and government organizations and has been active since at least 2014. Starting in September, Bluenoroff threat actors added a new feature that bypasses the Mark of the Web (MotW) security feature in Microsoft Windows, specifically targeting Japanese organizations. MotW is a security feature that helps prevent malicious web pages from being loaded into Internet Explorer or other web browsers.