BlueNoroff Shifts Tactics: Targets C-Suite and Managers with New Infiltration Methods

The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining its primary focus on financial gain.

The group has shifted its strategy to employ sophisticated new infiltration methods targeting high-value victims including C-level executives, managers, and blockchain developers within the Web3 and venture capital sectors.

Security researchers have identified two distinct campaigns, dubbed GhostCall and GhostHire, which showcase the actor’s increasing sophistication and use of social engineering techniques combined with advanced malware delivery mechanisms.paste.txt​

The GhostCall campaign represents one of BlueNoroff’s most deceptive operations, leveraging carefully crafted phishing tactics to compromise macOS systems used by executives at technology companies and venture capital firms.

The attack begins on Telegram, where threat actors impersonate venture capitalists or use compromised accounts of legitimate entrepreneurs to establish contact with targets.

They pitch ...