North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

Summary

North Korean hackers are targeting financial organizations like cryptocurrency, venture capital, and blockchain firms with new macOS attacks. These campaigns utilize AppleScript and a tool called ClickFix.

IFF Assessment

FOE

This is bad news for defenders as it highlights ongoing, sophisticated attacks from a state-sponsored actor targeting critical financial infrastructure.

Defender Context

Defenders should be aware of North Korean threat actors' continued focus on macOS and their evolving tactics, techniques, and procedures (TTPs). This includes monitoring for suspicious AppleScript execution and the deployment of custom tools like ClickFix within financial environments.
