June 6, 2023

Sekoia: North Korean hackers use malware to steal cryptocurrencies from macOS users

Sekoia analysts have released a report revealing that North Korean hacker group BlueNoroff is attacking macOS users with malware called RustBucket.

The malware report was originally published by the Jamf platform. It was later expanded and analyzed by the Sekoia team. RustBucket uses a fake PDF program: when certain PDF files are opened in that program, malicious activity is launched, Sekoia analysts explain.

“Since 2017, BlueNoroff has been seen to run campaigns targeting cryptocurrency exchanges and venture capital-related organizations in Europe, Asia, the US, and the UAE,” Sekoia said in a report.

Since 2022, BlueNoroff has come to represent a global threat to crypto startups from the US, India, UK, Ukraine, Poland, Czech Republic, UAE, Singapore, Estonia, Vietnam, Malta, Germany and Hong Kong. The group used Word to inject malware in the past, but has since improved its approaches.

Earlier it became known that hacker groups associated with North Korea stole $721 million in cryptocurrency from Japanese entrepreneurs from 2017 to January 1, 2023. Also, the US government believes that cyber attacks and theft of cryptocurrencies have become the main source of income for the North Korean authorities. At least half of North Korea's missile program is funded by cybercrime, Washington says.
