Beware: Fake Skills Assessment Portals Targeting IT Job Seekers, Microsoft Warns

    A sub-cluster within the infamous Lazarus Group has recently set up new infrastructure that mimics skills assessment portals to facilitate social engineering campaigns. The initiative involves a network of malicious domains and subdomains. These platforms distribute malware and use password protection to hinder analysis.

    Microsoft attributes this activity to a threat actor named Sapphire Sleet. This group is also known as APT38, BlueNoroff, CageyChameleon, and CryptoCore. Sapphire Sleet specializes in orchestrating cryptocurrency theft. They leverage social engineering tactics and target platforms like LinkedIn. Their strategies include lures related to skills assessment. Microsoft’s Threat Intelligence team has observed the actor using legitimate websites like GitHub to host malicious content, and notes a trend towards self-hosted websites. This shift likely aims to evade the detection and deletion of malicious payloads on third-party sites.

    Earlier this week, Jamf Threat Labs linked this actor to a new macOS malware family named ObjCShellz. Experts believe this malware acts as a late-stage payload. It connects with another macOS malware known as RustBucket.

    Sapphire Sleet’s tactics demonstrate the need for advanced cybersecurity measures. These measures protect against social engineering attacks and macOS malware distribution.

    Microsoft’s findings and Sapphire Sleet’s activities underline cyber threats’ growing complexity and sophistication. These developments emphasize the importance of robust security solutions. Such solutions are crucial to defend against these persistent and evolving threats.
