North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught

According to Proofpoint threat researcher Greg Lesnewich, TA444 debuted the SpectralBlur malware in August.
TA444 often overlaps with its well-known cousin APT, Lazarus Group.
Lesnewich noted that SpectralBlur contains strings in its code similar to those in the KandyKorn macOS data stealer, which emerged in early November in Lazarus Group campaigns targeting blockchain engineers connected to cryptocurrency exchanges.
Proofpoint was subsequently able to link KandyKorn back to TA444 as well, via a phishing campaign analysis.
SpectralBlur is just the latest tool designed to go after macOS users, who are becoming a particular focus for North Korean nation-state attackers.


This Cyber News was published on www.darkreading.com. Publication date: Fri, 05 Jan 2024 20:05:04 +0000

