Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip
Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims.
Coverage of reported Lazarus-linked intrusions, infrastructure, disruption efforts, and defensive guidance that helps explain cybersecurity risks.
Search across headline titles and summaries.
Background for this topic.
Lazarus is a name used by security researchers and public authorities for a suspected, loosely defined intrusion set associated with multiple malware and cyber-espionage operations. The label may cover related but not identical activity, and attribution can change as technical evidence is reassessed. Public reporting has connected the name to incidents involving credential theft, malicious software, theft of funds, and disruptive attacks; those reports should not automatically be treated as proof that every campaign sharing similar tooling has the same operator.
For defenders, coverage under this tag is most useful when it identifies the initial access path, affected software, infrastructure, and evidence supporting attribution. Practical priorities include phishing-resistant multifactor authentication for privileged and remote access, prompt remediation of exploited internet-facing systems, application allowlisting for sensitive environments, and monitoring for unusual authentication, scripting, and outbound connections. During a suspected intrusion, preserve endpoint, identity, email, and network logs before containment changes evidence, then scope for stolen credentials and persistence across connected systems.
Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims.
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. [...]
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate your system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework. CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets