North Korean state-sponsored actor Sapphire Sleet (UNC1069) has launched a targeted campaign against macOS users within the AI/ML and cryptocurrency sectors. The adversary utilizes HuggingFace as a delivery vector, deploying malicious models and repository-based lures coupled with AI-enhanced social engineering to compromise developer environments. Once execution is achieved via macOS-specific payloads, the threat actor deploys specialized modules to harvest SSH keys and exfiltrate cryptocurrency wallet data. This shift indicates a tactical pivot toward high-value individual targets and the exploitation of trust in AI model repositories to bypass traditional perimeter defenses.
Incident Overview: Campaign Scope
- State-sponsored activity attributed to UNC1069 (Sapphire Sleet) targeting the intersection of AI and finance.
- Strategic shift toward the macOS ecosystem, moving away from traditional Windows-centric APT patterns.
- Primary objectives include the direct theft of digital assets and the compromise of secure development pipelines.
Attack Vector: HuggingFace & Social Engineering
- Utilization of HuggingFace to host malicious AI models or repository-based lures to deceive developers.
- Deployment of AI-generated, highly tailored phishing templates to increase lure conversion rates.
- Exploitation of the "trust relationship" inherent in open-source AI model sharing to facilitate initial access.
Technical Execution: macOS Payload Mechanics
- Use of macOS-specific execution chains designed to evade standard endpoint detection and response (EDR) tools.
- Deployment of dedicated scripts for the systematic harvesting of SSH keys from sensitive system directories.
- Implementation of specialized exfiltration modules targeting local cryptocurrency wallet storage and seed phrases.
Threat Profile: Impact & Attribution
- High-impact targeting of AI/ML researchers, software engineers, and cryptocurrency stakeholders.
- Risk of systemic compromise to development environments via stolen SSH credentials.
- Attribution to North Korean intelligence services based on C2 infrastructure and code overlap with UNC1069.
Defensive Actions: Mitigation & Detection
- Implementation of strict auditing for HuggingFace model provenance and cryptographic checksum verification.
- Enhanced monitoring for unauthorized access attempts to ~/.ssh and known cryptocurrency wallet paths on macOS.
- Deployment of specific IoCs, including file hashes and C2 domain patterns, to block known Sapphire Sleet infrastructure.
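
One way to apply the checksum verification recommended above, as an added example that is not code from the original report or from HuggingFace. It assumes the model snapshot has been downloaded as regular files into a local directory and that a reviewed manifest of SHA-256 digests was pinned beforehand; the function names and sample file names are hypothetical.

```python
import hashlib, hmac, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte weight files never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_model_dir(root, pinned):
    """Check every file under root against pinned {relative_path: sha256_hex}."""
    root = Path(root).resolve()
    report = {"mismatch": [], "unlisted": [], "missing": [], "escapes_root": []}
    seen = set()
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        # A symlink resolving outside the reviewed directory is never hashed or trusted.
        if not path.resolve().is_relative_to(root):
            report["escapes_root"].append(rel)
        elif path.is_dir():
            continue
        elif rel not in pinned:
            report["unlisted"].append(rel)  # file added after the manifest was pinned
        else:
            seen.add(rel)
            if not hmac.compare_digest(sha256_file(path), pinned[rel].lower()):
                report["mismatch"].append(rel)
    report["missing"] = sorted(set(pinned) - seen)
    return report

def is_clean(report):
    """Load the model only when every category is empty."""
    return not any(report.values())

def demo():
    """Constructed sample: pin a reviewed snapshot, then alter it and re-audit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in {"config.json": b"{}", "tokenizer.json": b"[]",
                           "model.safetensors": b"constructed-weights"}.items():
            (root / name).write_bytes(data)
        pinned = {p.name: sha256_file(p) for p in root.iterdir()}
        before = audit_model_dir(root, pinned)
        (root / "model.safetensors").write_bytes(b"swapped-weights")
        (root / "extra_loader.py").write_text("# not in manifest\n")
        (root / "tokenizer.json").unlink()
        return before, audit_model_dir(root, pinned)

if __name__ == "__main__":
    print(demo())
```

Treating unlisted files as a failure, not just digest mismatches, matters here: a repository that gains a file after review no longer matches what was audited even if every pinned digest still checks out.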