FERRET Malware Targets macOS in Sophisticated North Korean Attacks
Threat Group: Lazarus Group (also known as Andariel, APT38, Hidden Cobra)
Threat Type: Advanced Persistent Threat (APT)
Exploited Vulnerabilities: Social engineering tactics, including spear-phishing and fake job lures
Malware Used: FERRET Malware Family (including variants such as FlexibleFerret, InvisibleFerret, BeaverTail)
Threat Score: High (8.5/10) – Due to its sophisticated social engineering techniques, advanced malware capabilities, and targeting of critical sectors
Last Threat Observation: February 5, 2025
Overview
The Democratic People's Republic of Korea (DPRK) continues to enhance its cyber capabilities, employing sophisticated malware families such as FERRET to conduct espionage and financially motivated attacks. Recent campaigns have leveraged advanced social engineering tactics, including fake job interviews, to compromise systems across various sectors. The FERRET malware family, with its multiple variants, poses a significant threat due to its adaptability and stealth.
Key Details
- Delivery Method: Spear-phishing emails and fake job interview lures
- Target: Defense, aerospace, nuclear, engineering, and cryptocurrency sectors
- Functions:
- …
IoC