Last week, SentinelOne observed variants of the malware using new lures for vacancies at. Decoy PDF documents advertising positions on crypto exchange platform Coinbase were discovered by our friends at ESET back in August 2022, with indications that the campaign dated back at least a year. While those campaigns distributed Windows malware, macOS malware has been discovered using a similar tactic. North-Korean linked APT threat actor Lazarus has been using lures for attractive job offers in a number of campaigns since at least 2020, including targeting aerospace and defense contractors in a campaign dubbed ‘Operation Dream Job’. In this post, we review the details of this ongoing campaign and publish the latest indicators of compromise. In recent days, SentinelOne has seen a further variant in the same campaign using lures for open positions at rival exchange. Back in August, researchers at ESET spotted an instance of Operation In(ter)ception using lures for job vacancies at cryptocurrency exchange platform Coinbase to infect macOS users with malware.
0 kommentar(er)
