"Threat Assessment: North Korean Threat Groups" published by PaloaltoNetworks. #AlluringPisces, #CollectionRAT, #Comebacker, #Fullhouse, #GleamingPisces, #JumpyPisces, #KANDYKORN, #ObjCShellz, #OdicLoader, #POOLRAT, #PondRAT, #RustBucket, #SelectivePisces, #SlowPisces, #SmoothOperator, #SparklingPisces, #DPRK, #CTI https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/

"TodoSwift Disguises Malware Download Behind Bitcoin PDF" published by Kandji. #BlueNoroff, #macOS, #KANDYKORN, #DPRK, #CTI https://www.kandji.io/blog/todoswift-disguises-malware-download-behind-bitcoin-pdf

This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe https://tomsguide.com/news/this-new-macos-backdoor-lets-hackers-take-over-your-mac-remotely-how-to-stay-safe #CyberSecurity #macOS #SpectralBlur #KandyKorn #NorthKorea

"100DaysofYARA - SpectralBlur" published by GregLesewich. #KANDYKORN, #TA444, #YARA, #CTI, #OSINT, #LAZARUS https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html

"The Mac Malware of 2023" published by Objecive-see. #RustBucket, #SmoothOperator, #ObjCShellz, #macOS, #KANDYKORN, #JokerSpy, #JumpCloud, #CTI, #OSINT, #LAZARUS https://objective-see.org/blog/blog_0x77.html

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.

#apple #MacOS #NorthKorea #RustBucket #KandyKorn #malware #security #cybersecurity #infosec #hackers #hacking #hacked

https://thehackernews.com/2023/11/n-korean-hackers-mixing-and-matching.html

"DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads" published by SentinelOne. #RustBucket, #BlueNoroff, #macOS, #KandyKorn, #CTI, #OSINT, #LAZARUS https://www.sentinelone.com/blog/dprk-crypto-theft-macos-rustbucket-droppers-pivot-to-deliver-kandykorn-payloads/

#Lazarus targets #blockchain engineers with new #KandyKorn #macOS #Malware
https://securityaffairs.com/153622/hacking/lazarus-kandykorn-malware.html
#securityaffairs #hacking

"🍬 Beware of KandyKorn 🍬 - Cryptocurrency Engineers, You're in the Crosshairs! 🎯"

A new macOS malware, 'KandyKorn', is targeting cryptocurrency engineers. Disguised as a crypto arbitrage bot, it's linked to North Korea's Lazarus group. The multi-stage attack begins on Discord and unfolds into a sophisticated backdoor operation. Stay vigilant! 🛡️💻

Tags: #KandyKorn #macOS #Malware #Cryptocurrency #Cybersecurity #LazarusGroup #InfoSec #Discord #APT

Credit: Article by Bill Toulas on BleepingComputer

Mitre - Lazarus Group

For a deep dive into the technicalities of the KandyKorn malware and its attack vectors, follow the insights of Bill Toulas, a seasoned tech writer and infosec news reporter. Stay updated and secure! 🛡️🔍

To initiate their intrusion, the attackers lured blockchain engineers with a Python application, which served as the initial access point into the targeted environment.

#Cybersecurity #Apple #Blockchain #Malware #NorthKorea #macOS #Crypto #Kandykorn

https://cybersec84.wordpress.com/2023/11/01/dprk-cyber-threat-crypto-experts-in-the-crosshairs-of-kandykorn-macos-malware/

"Elastic catches DPRK passing out KANDYKORN" published by Elastic. #KANDYKORN, #REF7001, #macOS, #CTI, #OSINT, #LAZARUS https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn

#malware #detection Tuesday - can anyone help me find a sample of the #BibiLinux wiper or #SUGARLOADER / #KANDYKORN for analysis? Thanks!

https://www.virustotal.com/gui/file/23bae09b5699c2d5c4cb1b8aa908a3af898b00f88f06e021edcb16d7d558efad/detection

https://www.virustotal.com/gui/file/3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940/details

Thanks!