North Korean hackers with ties to the Lazarus group are believed to be behind a new hacking campaign targeting Apple devices.
The threat actor is deploying malware tracked as RustBucket.
- The macOS malware is presented as a PDF viewer but is actually an AppleScript file that retrieves a second-stage payload from a remote server.
- Apple claims that the threat actor responsible for this campaign is BlueNoroff, a subgroup of Lazarus, also known as APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and TA444.
- The malware is written in Objective-C, formerly the primary language for developing apps across the Apple ecosystem.
- BlueNoroff is known for its sophisticated cyber-enabled heists targeting the SWIFT system and cryptocurrency exchanges.
- Earlier this year, the FBI implicated the threat actor in the theft of over $100M worth of cryptocurrency assets from Harmony Horizon Bridge in June 2022. The cyberattack is considered one of the largest in the history of the cryptocurrency industry.