North Korean threat actor Sapphire Sleet (APT38) is conducting coordinated social engineering attacks on macOS users in the finance and cryptocurrency sectors. The group creates fake recruiter profiles on LinkedIn and schedules phony technical interviews to deliver malware disguised as Zoom software updates, aiming to steal cryptocurrency wallets and blockchain trading intellectual property. Microsoft threat intelligence attributed the campaign to a Lazarus Group offshoot and linked it to broader North Korean state-sponsored cyber targeting of financial systems.
Safety
North Korea targets macOS users in latest heist
North Korean APT38 impersonates LinkedIn recruiters to deliver Zoom-disguised macOS malware targeting cryptocurrency wallets and finance sector trading secrets.
Thursday, April 16, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline
Tags
safety
/// RELATED