SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.

Bluenoroff or APT38, more commonly referred to as Lazarus Group is a threat group which has been tied to the North Korean government since as early as 2009 primarily being financially motivated utilizing malware custom built for each target.

Early on, the threat group gained notoriety for cyberattacks such as Sony Pictures Hack in 2014 and $81M Bangladesh Bank heist in 2016 and in more recent years has shifted focus to targets in the cryptocurrency industry.

Analytics firms such as TRM and Chainalysis release annual reports summarizing crypto related incidents linked to DPRK and since 2017 they estimate between $3B to $4.1B has been stolen.

Newly discovered later-stage malware from BlueNoroff APT group targets macOS with characteristics similar to their RustBucket campaign.

Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.

Learn how APT group, BlueNoroff, targets Apple with malware variant to compromise macOS devices.