Kaspersky Lab reported that the hacker group Lazarus has an offshoot of BlueNoroff, posing as venture capitalists who are interested in cryptocurrency startups. North Korean hackers Lazarus have expanded their operations and are posing as venture capitalists who allegedly intend to invest in cryptocurrency startups, according to a new security report.. The researchers called this offshoot of Lazarus BlueNoroff – they create fake domains under the guise of venture capital companies and banks. “We studied the infrastructure used by hackers and found more than 70 domains. Most of them imitate Japanese venture capital companies. This indicates that the group has a strong interest in Japanese financial institutions,” the report says. Experts reported that BlueNoroff was created back in January of this year, but global attacks on the industry began only in the fall.. The group uses malware to attack companies developing smart contracts, blockchains and DeFi protocols, as well as fintech companies. At the same time, hackers have learned to bypass Mark-of-the-Web (MOTW) technology, which warns Windows users when they try to open a file downloaded from the Internet.. Experts stressed that the default of the FTX cryptocurrency exchange and the ensuing hype in the industry did not affect the activity of hackers – the threat remained at the same level. Earlier, SlowMist, a blockchain security company, published a report in which it said that North Korean hackers created about 500 domains to steal NFTs.