Microsoft • 4w
Sapphire Sleet Targets HuggingFace and macOS for Cryptocurrency Exfiltration
North Korean state-sponsored actor Sapphire Sleet (UNC1069) has launched a targeted campaign against macOS users within the AI/ML and cryptocurrency sectors. The adversary utilizes HuggingFace as a delivery vector, deploying malicious models and repository-based lures coupled with AI-enhanced social engineering to compromise developer environments. Once execution is achieved via macOS-specific payloads, the threat actor deploys specialized modules to harvest SSH keys and exfiltrate cryptocurrency wallet data. This shift indicates a tactical pivot toward high-value individual targets and the exploitation of trust in AI model repositories to bypass traditional perimeter defenses.