It has been denounced by FBI and the U.S. Department of Homeland Security cybersecurity experts: It could arrive from Russian Ryuk ransomware gang.
Kaspersky GReAT : The Lazarus state-sponsored hackers start attacking the Apple macOS operating systems. The Pyongyang cyber army tried to steal money from an Asian cryptocurrency exchange platform
The Lazarus North Korean state-sponsored hackers start attacking the Apple macOS operating systems. It has been discovered by Kaspersky cyber security experts. The Company Global Research and Analysis Team (GReAT) uncovered the op, dubbed AppleJeus, which saw the Pyongyang cyber army penetrating the IT systems of an Asia-based cryptocurrency exchange platform sin infected it with Fallchill malware. According to GReAT, the goal was to steal virtual money from their victims. “It represents a wakeup call for everyone who uses this OS for cryptocurrency-related activity,” the GReAT blog reported. “To ensure that the OS platform was not an obstacle to infecting targets, it seems the attackers went the extra mile and developed malware for other platforms, including for macOS. A version for Linux is apparently coming soon, according to the website. It’s probably the first time we see this APT group using malware for macOS”.
The North Korean APT will evolve it’s strategies in the future
“The Lazarus APT group’s continuous attacks on the financial sector are not much of a surprise to anyone.” Kaspersky GReAT explained in the conclusions. “A lot of research has been done and published about such attacks. However, we think this case makes a difference. Recent investigation shows how aggressive the group is and how its strategies may evolve in the future”. First of all, the North Korean state-sponsored hackers “has entered a new platform: macOS. There is steadily growing interest in macOS from ordinary users, especially in IT companies. Many developers and engineers are switching to using it. Apparently, in the chase after advanced users, software developers from supply chains and some high profile targets, threat actors are forced to have macOS malware tools. We believe that in the future Lazarus is going to support all platforms that software developers are using as a base platform, because compromising developers opens many doors at once”.