Back in August, researchers spotted an instance of Operation In(ter)ception using lures for job vacancies at cryptocurrency exchange platform Coinbase to infect macOS users with malware. In recent days, researchers have seen a further variant in the same campaign using lures for open positions at rival exchange Crypto.com. In this post, we review the details of this ongoing campaign and publish the latest indicators of compromise.
ADVERSARY: Lazarus
INDUSTRIES: Cryptocurrency, Defense, Aerospace
ATT&CK IDS: T1027 - Obfuscated Files or Information, T1104 - Multi-Stage Channels, T1150 - Plist Modification, T1036 - Masquerading