APT / THREAT GROUP
BlueNoroff
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
This family contains the BlueNoroff toolkit used for SWIFT manipulation, as used by the Lazarus activity cluster also referred to as BlueNoroff.
Threat Analysis
BlueNoroff is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning BlueNoroff
Microsoft links Mastra AI supply chain attack to North Korean hackers
BleepingComputer · Jun 20, 2026
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
Infosecurity Magazine · Apr 28, 2026
Bitrefill blames North Korean Lazarus group for cyberattack
BleepingComputer · Mar 19, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
win.bluenoroff
BlueNoroff
External Intelligence
Malpedia: win.bluenoroff
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.