Threat Assessment: North Korean Threat Groups

Explore Unit 42's review of North Korean APT groups and their impact, detailing the top 10 malware and tools we've seen from these threat actors.

Unit 42
"TodoSwift Disguises Malware Download Behind Bitcoin PDF" published by Kandji. #BlueNoroff, #macOS, #KANDYKORN, #DPRK, #CTI https://www.kandji.io/blog/todoswift-disguises-malware-download-behind-bitcoin-pdf
TodoSwift Disguises Malware Download Behind Bitcoin PDF

A new piece of malware that we're calling TodoSwift downloads its malicious payload alongside a seemingly legitimate piece of content about cryptocurrency.

This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe

North Korean hackers have come up with a new way to target Macs

Tom's Guide
100DaysofYARA - SpectralBlur

100DaysofYARA - SpectralBlur

A Clever Blog Name by Greg Lesnewich
The Mac Malware of 2023 👾

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.

#apple #MacOS #NorthKorea #RustBucket #KandyKorn #malware #security #cybersecurity #infosec #hackers #hacking #hacked

https://thehackernews.com/2023/11/n-korean-hackers-mixing-and-matching.html

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple malware campaigns for better effectiveness and to avoi

The Hacker News
"DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads" published by SentinelOne. #RustBucket, #BlueNoroff, #macOS, #KandyKorn, #CTI, #OSINT, #LAZARUS https://www.sentinelone.com/blog/dprk-crypto-theft-macos-rustbucket-droppers-pivot-to-deliver-kandykorn-payloads/
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads

Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.

SentinelOne
Lazarus targets blockchain engineers with new KandyKorn macOS Malware - Security Affairs

North Korea-linked Lazarus group is using new KandyKorn macOS malware in attacks against blockchain engineers. The North Korea-linked Lazarus APT group was spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. “KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes […]

Security Affairs

To initiate their intrusion, the attackers lured blockchain engineers with a Python application, which served as the initial access point into the targeted environment.

#Cybersecurity #Apple #Blockchain #Malware #NorthKorea #macOS #Crypto #Kandykorn

https://cybersec84.wordpress.com/2023/11/01/dprk-cyber-threat-crypto-experts-in-the-crosshairs-of-kandykorn-macos-malware/

DPRK Cyber Threat: Crypto Experts in the Crosshairs of KANDYKORN macOS Malware

In the realm of cybersecurity, state-sponsored threat actors hailing from the Democratic People’s Republic of Korea (DPRK) have recently set their sights on blockchain engineers associated wi…

CyberSec84 | Cybersecurity news.
Globally distributed stealers — Elastic Security Labs

This article describes our analysis of the top malware stealer families, unveiling their operation methodologies, recent updates, and configurations. By understanding the modus operandi of each family, we better comprehend the magnitude of their impact and can fortify our defences accordingly.