Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
Back in August, researchers at ESET spotted an instance of Operation In(ter)ception using lures for job vacancies at cryptocurrency exchange platform Coinbase to infect macOS users with malware. In recent days, SentinelOne has seen a further variant in the same campaign using lures for open positions at rival exchange Crypto.com. In this post, we review the details of this ongoing campaign and publish the latest indicators of compromise.
Coinbase Campaign Turns to Crypto.com
North Korean-linked APT threat actor Lazarus has been using lures for attractive job offers in a number of campaigns since at least 2020, including targeting aerospace and defense contractors in a campaign dubbed ‘Operation Dream Job’.
While those campaigns distributed Windows malware, macOS malware has been discovered using a similar tactic. Decoy PDF documents advertising positions on crypto exchange platform Coinbase were discovered by our friends at ESET back in August 2022, with indications that the campaign dated back at …
IoC