North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

September 7, 2024 at 03:39AM North Korean threat actors are using LinkedIn for fake job recruiting operations to target developers, disguising malware as coding challenges. They also employ recruiting-themed lures to deliver malware, as seen in a social engineering campaign involving a malicious PDF. This activity, including crypto heists, is a conduit for generating illicit …

macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks

November 28, 2023 at 12:43PM North Korean APT groups are using a mix of malware components from KandyKorn and RustBucket to avoid detection and continue their operations. They are targeting macOS machines to attack cryptocurrency exchanges and raise money for the Kim Jong Un regime. The groups are taking evasive steps by mixing loaders and …

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

November 28, 2023 at 12:06AM The Lazarus Group, a North Korean threat actor, has been observed combining elements from two separate macOS malware strains, RustBucket and KANDYKORN. They are using RustBucket droppers to deliver the KANDYKORN malware. Another macOS-specific malware called ObjCShellz has also been linked to the RustBucket campaign by cybersecurity firm SentinelOne. This …

Fresh find shines new light on North Korea’s latest macOS malware

November 7, 2023 at 09:48AM North Korean state-sponsored hackers have been observed using a new macOS malware called “ObjCShellz” as part of the RustBucket campaign targeting financial organizations. The malware, attributed to the BlueNoroff group, is written in Objective-C and allows attackers remote shell capabilities. The campaign uses social engineering and disguises itself as a …

N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware

November 7, 2023 at 09:24AM The BlueNoroff nation-state group, which has connections to North Korea, is behind a newly discovered macOS malware called ObjCShellz. It is used as part of the RustBucket malware campaign and is suspected to be delivered through social engineering. BlueNoroff is a sub-group of the Lazarus Group, known for financial crimes …