BlueNoroff APT Campaigns: GhostCall and GhostHire

Source: Kaspersky Securelist

The BlueNoroff APT group, also known as Sapphire Sleet, has shifted its tactics in two significant campaigns named GhostCall and GhostHire, primarily targeting the blockchain and tech sectors. GhostCall employs fake Zoom meetings to deliver malware to executives, using convincing video calls with real recordings of past victims to build trust. This campaign has been active since mid-2023 and focuses on executives at tech companies, primarily those using macOS devices.

On the other hand, the GhostHire campaign targets Web3 developers through deceptive recruitment processes. Victims are tricked into downloading malicious GitHub packages disguised as assessment tasks. Both campaigns share similar malware infrastructure and delivery techniques, reflecting BlueNoroff’s adaptive strategy in cybercrime. As part of their methods, BlueNoroff has integrated generative AI to enhance social engineering tactics, making their approaches more sophisticated and difficult to detect.
