Security News > 2023 > November > N. Korea's BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware

The North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz.

Jamf Threat Labs, which disclosed details of the malware, said it's used as part of the RustBucket malware campaign, which came to light earlier this year.

"Based on previous attacks performed by BlueNoroff, we suspect that this malware was a late stage within a multi-stage malware delivered via social engineering," security researcher Ferdous Saljooki said in a report shared with The Hacker News.

The development arrives days after Elastic Security Labs disclosed the Lazarus Group's use of a new macOS malware called KANDYKORN to target blockchain engineers.

Also linked to the threat actor is a macOS malware referred to as RustBucket, an AppleScript-based backdoor that's designed to retrieve a second-stage payload from an attacker-controlled server.

The disclosure also comes as North Korea-sponsored groups like Lazarus are evolving and reorganizing to share tools and tactics among each other, blurring the boundaries, even as they continue to build bespoke malware for Linux and macOS. "It is believed the actors behind campaigns are developing and sharing a variety of toolsets and that further macOS malware campaigns are inevitable," SentinelOne security researcher Phil Stokes said last month.

News URL

https://thehackernews.com/2023/11/n-korean-bluenoroff-blamed-for-hacking.html