HOMETHREATSBlueNoroff
APT / THREAT GROUP

BlueNoroff

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

This family contains the BlueNoroff toolkit used for SWIFT manipulation, as used by the Lazarus activity cluster also referred to as BlueNoroff.

Threat Analysis

BlueNoroff is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning BlueNoroff

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

win.bluenoroffBlueNoroff

External Intelligence

Malpedia: win.bluenoroff

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.