Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
Nov 11, 2023
Threat Intelligence / Cybercrime
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet , describing it as a "shift in the persistent actor's tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a track record of orchestrating cryptocurrency theft via social engineering. Earlier this week, Jamf Threat Labs implicated the threat actor to a new macOS malware family called ObjCShellz that's assessed to be a late-stage payload delivered in connection with another macOS malware known as RustBucket. "Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment," the Microsoft Threat Intelligence team said in a series of posts on X (formerly Twitter). "The threat actor then moves successful communication