Report | severity: High | 2023-04-21
Jamf Threat Labs discloses RustBucket macOS malware tied to BlueNoroff
published by Jamf Threat Labs
Actor
DPRK state-sponsored intrusion set treated by most vendors as the financial-operations subgroup of Lazarus, attributed to the Reconnaissance General Bureau. Responsible for the major SWIFT-network ba…
Summary
Jamf Threat Labs published analysis of RustBucket, a multi-stage macOS malware family attributed to BlueNoroff. The infection chain begins with a backdoored 'Internal PDF Viewer' application that only activates malicious behaviour when a specifically crafted decoy PDF is opened, then retrieves a Rust-based stage-three payload for reconnaissance and follow-on operations against finance-sector targets in Asia, Europe, and the United States.
Tags
macos, rustbucket, malware-report, finance
Primary source
jamf.com
Other BlueNoroff events
- 2023-11-01: Elastic Security Labs exposes KANDYKORN macOS intrusion at crypto exchange
- 2022-04-18: CISA/FBI/Treasury joint advisory AA22-108A on TraderTraitor
- 2022-01-13: Kaspersky exposes SnatchCrypto campaign draining cryptocurrency startups
- 2017-04-03: Securelist 'Lazarus Under the Hood' details Bangladesh Bank SWIFT heist