Lazarus Group’s Sub-cluster Sets Up Fake Skills Assessment Site to Breach Security
• Lazarus Group sub-cluster associated with various names including Sapphire Sleet, APT38, BlueNoroff, CageyChameleon, and CryptoCore unveiled a new strategy in their cyber espionage campaigns.
• This new infrastructure is designed to copy skills assessment portals.
• The tactic shows a significant shift in the modus operandi.
Impersonating Skills Assessment Portals
The Lazarus Group’s pesky sub-cluster, known to some as the Da Vinci Code of cyberspace crime ring given its myriad names, has come up with a new trick up its sleeve. It now impersonates skills assessment portals, a move that gives “prank call” a whole new meaning. In this case, the prank involves tricking victims to believe they are interacting with legitimate skills assessment platforms when in reality they’re touching base with our cyber-baddies.
If there’s anyone who can recognize a wolf in sheep’s clothing, it’s Microsoft. The tech titan attributed this seemingly cunning move to Sapphire Sleet, another pseudonym of the sub-cluster, noting a significant deviation in their usual antics. For Microsoft, this isn’t just a game of “pin the tail on the donkey,” they’re unmasking a significant shift in the persistent actor’s tactics.
The Shape-shifting Cyber Threat Actor, Sapphire Sleet
The elusive Sapphire Sleet aka APT38, BlueNoroff, CageyChameleon, CryptoCore, and many-other-aliases is the shape-shifter of the cyber threat world. It’s like trying to pin down a chameleon on a color change bender. As evident from this recent stunt, it continues to evolve its nefarious strategies to interfere with cybersecurity.
In the high-stakes world of cybersecurity, Lazarus Group’s cunning sub-cluster, Sapphire Sleet is pulling out fresh tactics out of its digital hat to throw security measures off balance. Posing as a skills assessment portal, they’re fooling unsuspecting victims and successfully infiltrating secured spaces proving that sometimes all that glitters is not gold, or in this case, all that tests isn’t trustworthy. Remember folks, always double-check before putting your cybersecurity to the test.
Original Article: https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html