A new Sapphire Sleet cybercrime operation targets IT job seekers

March 4, 2024

The notorious North Korea-linked advanced persistent threat group Sapphire Sleet has targeted IT job seekers in its new cybercriminal campaign. Microsoft researchers have warned about a sophisticated social engineering campaign orchestrated by the group, revealing a shift in its tactics.

Sapphire Sleet gained notoriety through previous campaigns targeting cryptocurrency exchanges, venture capital firms, and banks. However, Microsoft explained that the group's latest move involves creating a series of deceptive skills assessment portals.

 


 

The threat actors behind Sapphire Sleet have developed websites that present themselves as skills assessment portals. These portals are a novel tactic for the group, which previously ran similar campaigns through its LinkedIn accounts to lure victims.

Once they establish communication with unsuspecting job seekers, the threat actors move to other platforms, like instant messaging apps or email, to carry out their malicious activities.

Previous Sapphire Sleet campaigns utilised weaponised attachments or links hosted on legitimate websites like GitHub. However, Microsoft claims that the APT group has adopted new strategies, such as creating its own websites to lure more victims, since its past attacks became more widely known. Currently, the APT group creates multiple domains as a disguise to trick recruiters into registering for accounts on these deceptive platforms.

This revelation comes after discovering a new macOS malware strain, ObjCShellz, attributed to the North Korea-linked APT BlueNoroff. The malware shares similarities with the RustBucket malware campaign associated with the same APT group.

Adding to the growing concerns, in a related incident the Lazarus APT group has been employing the new KandyKorn macOS malware variant in attacks against blockchain engineers. These details further show the adaptive nature of these threat actors, who continuously modify their tactics to infiltrate high-value targets within the cryptocurrency industry.

Organisations and individuals must remain vigilant against the evolving strategies of APT groups like Sapphire Sleet. The latest focus on IT job seekers shows a broader range of potential targets and reinforces the need for a proactive and multi-layered approach to cybersecurity.

Lastly, collaborating with cybersecurity experts and organisations is crucial to staying one step ahead of these sophisticated attackers, who exploit vulnerabilities for financial gain and potentially disruptive geopolitical motives.
