Threat Intelligence, Phishing

Novel social engineering attack infrastructure established by BlueNoroff

North Korean hacking operation BlueNoroff, also known as Sapphire Sleet, has established new fraudulent skills assessment portals as part of its new infrastructure for facilitating social engineering attacks aimed at exfiltrating cryptocurrency, BleepingComputer reports. The approach is a departure from BlueNoroff's direct or link-based distribution of malicious payloads hosted on GitHub and other legitimate websites, a shift that may have stemmed from online services' accelerated identification and removal of malicious attachments, a report from Microsoft Threat Intelligence showed. "Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment. The threat actor then moves successful communications with targets to other platforms," said researchers. The findings come after Jamf Threat Labs researchers linked BlueNoroff to attacks leveraging the novel ObjCShellz macOS malware aimed at the financial sector. Kaspersky has also attributed various cryptocurrency and financial cyberattacks around the world over the past few years to BlueNoroff.
