A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns.
Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a “shift in the persistent actor’s tactics.”
Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a track record of orchestrating cryptocurrency theft via social engineering.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Earlier this week, Jamf Threat Labs implicated the threat actor to a new macOS malware family called ObjCShellz that’s assessed to be a late-stage payload delivered in connection with another macOS malware known as RustBucket.
“Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment,” the Microsoft Threat Intelligence team said in a series of posts on X (formerly Twitter).
“The threat actor then moves successful communications with targets to other platforms.”
The tech giant said past campaigns mounted by the hacking crew involved sending malicious attachments directly or embedding links to pages hosted on legitimate websites like GitHub.
However, the swift detection and deletion of these payloads may have forced Sapphire Sleet to flesh out its own network of websites for malware distribution.
“Several malicious domains and subdomains host these websites, which entice recruiters to register for an account,” the company added. “The websites are password-protected to impede analysis.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes