Lazarus APT continues to target cryptocurrency businesses with Mac malware


North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines.

The North Korea-linked Lazarus APT group made has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks.

The discovery was made by experts at Kaspersky Lab, the campaign has been ongoing since at least November 2018, Kaspersky Lab reports.

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated.

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFTattacks in 2016, and the Sony Pictures hack.

In 2018, the Lazarus APT group targeted several cryptocurrency exchanges, including the campaign tracked as Operation AppleJeus discovered in August 2018. At the time, North Korea-linked Lazarus APT group leveraged for the first time on a MacOS variant of the Fallchill malware.

Read more…