BlueNoroff
Web3 / compliance
BlueNoroff (also tracked as Stardust Chollima) is a specialised sub-group within the Lazarus Group ecosystem, operating under the Reconnaissance General Bureau's direction with an exclusive focus on financial institution heists and cryptocurrency theft. BlueNoroff first gained international attention for the 2016 Bangladesh Bank SWIFT heist, in which it stole $81 million by compromising the bank's SWIFT messaging terminals and issuing fraudulent transfer instructions to the Federal Reserve Bank of New York. By 2025–2026, BlueNoroff had pivoted almost entirely to crypto firms, venture capital funds, and Web3 developers as its primary targets, reflecting both the financial opportunity in the sector and the sector's comparatively weaker security posture relative to hardened traditional banks.

BlueNoroff's hallmark tactics in 2026 include 'ClickFix' social engineering — compromising websites or sending tailored links that present fake error prompts instructing the target to run a script, which in turn installs malware — and AI-generated deepfake video calls in which attackers impersonate venture capitalists or job recruiters during fake interviews. These social engineering chains ('Code to Custody') typically target exchange developers and DevOps engineers, harvesting SSH keys and cloud credentials that grant access to software deployment pipelines and, ultimately, to hot wallet signing infrastructure.

Why it matters for compliance: BlueNoroff's targeting of the human layer — developers, HR interviewers, and operations staff — means that technical security controls alone are insufficient. Crypto firms must implement counter-intelligence awareness training, verify the identity of investors and recruiters through out-of-band channels, and establish strict policies around downloading or executing code received in interview scenarios or from external parties.