Lazarus and one of its spinoffs, BlueNoroff, recently debuted KandyKorn and RustBucket, respectively, two kinds of malware representing the North Korean threat groups' forays into targeting macOS machines. The malware is being used to attack cryptocurrency exchanges and other financial institutions to raise money for Kim's government. Malware Melee: APTs Mix It UpLast month, threat researchers uncovered two new types of malware being used by North Korean APTs to target macOS in the groups' typical endeavors to steal crypto and other funds to bankroll Kim's regime. The latest campaigns featuring those malwares show a mix-and-match approach to the previous attack flow, SentinelOne discovered. SentinelOne included a comprehensive list of indicators of compromise (IoCs) for the various types of malware and components observed in attacks by North Korean APTs to help potential victims identify if they've been compromised.

Source: The North Africa Journal November 29, 2023 05:37 UTC