A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns.
Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a “shift in the persistent actor’s tactics.”
Earlier this week, Jamf Threat Labs linked the threat actor to a new macOS malware family called ObjCShellz, which is assessed to be a late-stage payload delivered in connection with another macOS malware known as RustBucket.
Microsoft said past campaigns mounted by the hacking crew involved sending malicious attachments directly or embedding links to pages hosted on legitimate websites like GitHub.
“Several malicious domains and subdomains host these websites, which entice recruiters to register for an account,” the company added. “The websites are password-protected to impede analysis.”
Source: https://thehackernews.com/