A Lazarus spinoff is stirring trouble among companies
- Microsoft warns North Korean Sapphire Sleet (APT38) targeting Western businesses with fake job scams
- Malicious Zoom lookalike drops infostealers to steal cryptocurrency
- Campaign focuses on macOS users; Apple pushed automatic protections to block attacks
North Korean state-sponsored threat actors called Sapphire Sleet are targeting businesses in the West with infostealer malware in an attempt to nab their cryptocurrencies, experts have warned.
Security analysts from Microsoft said the group, also known as APT38, and most likely a spinoff from the infamous Lazarus Group, has been at it since at least 2020, and has employed one of the most successful techniques in its arsenal - fake jobs.
Sapphire Sleet would create a whole slew of fake, nonexistent things on social media: companies, recruiters, job ads, and anything else needed to make the scam look like a legitimate hiring attempt. The victims are then approached, either via email or different social media channels, and offered the job (with enticing compensation offers).
Attacking humans
During the process, however, the “recruiters” would ask the victim to join a Zoom video call, but the software used is not the real Zoom - instead, it is a fake, malicious version, designed to drop an infostealer on the device.
Speaking about the report, Sherrod DeGrippo, Microsoft global threat intelligence GM, told The Register why crooks focus on attacking the human, rather than the system: "Social engineering lets attackers route around hardened perimeters by convincing users to act on their behalf, turning a human into the vulnerability. It's low-cost, hard to patch, and scales well," DeGrippo explained.
"Users are conditioned to accept remote support interactions like downloading tools, following instructions, clicking prompts," she added. "Attackers exploit this familiarity to make malicious actions feel routine, lowering victim skepticism at the critical moment of compromise."
The campaign targets macOS users, it was said. Microsoft reached out to Apple, which added “platform-level protections” to help detect and block the malware and the infrastructure it uses. The updates were sent out automatically, meaning users need not update manually.
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.