North Korean state-sponsored actor Sapphire Sleet (UNC1069) has launched a targeted campaign against macOS users within the AI/ML and cryptocurrency sectors. The adversary utilizes HuggingFace as a delivery vector, deploying malicious models and repository-based lures coupled with AI-enhanced social engineering to compromise developer environments. Once execution is achieved via macOS-specific payloads, the threat actor deploys specialized modules to harvest SSH keys and exfiltrate cryptocurrency wallet data. This shift indicates a tactical pivot toward high-value individual targets and the exploitation of trust in AI model repositories to bypass traditional perimeter defenses.

  • Incident Overview: Campaign Scope

    • State-sponsored activity attributed to UNC1069 (Sapphire Sleet) targeting the intersection of AI and finance.
    • Strategic shift toward the macOS ecosystem, moving away from traditional Windows-centric APT patterns.
    • Primary objectives include the direct theft of digital assets and the compromise of secure development pipelines.
  • Attack Vector: HuggingFace & Social Engineering

    • Utilization of HuggingFace to host malicious AI models or repository-based lures to deceive developers.
    • Deployment of AI-generated, highly tailored phishing templates to increase lure conversion rates.
    • Exploitation of the "trust relationship" inherent in open-source AI model sharing to facilitate initial access.
  • Technical Execution: macOS Payload Mechanics

    • Use of macOS-specific execution chains designed to evade standard endpoint detection and response (EDR) tools.
    • Deployment of dedicated scripts for the systematic harvesting of SSH keys from sensitive system directories.
    • Implementation of specialized exfiltration modules targeting local cryptocurrency wallet storage and seed phrases.
  • Threat Profile: Impact & Attribution

    • High-impact targeting of AI/ML researchers, software engineers, and cryptocurrency stakeholders.
    • Risk of systemic compromise to development environments via stolen SSH credentials.
    • Attribution to North Korean intelligence services based on C2 infrastructure and code overlap with UNC1069.
  • Defensive Actions: Mitigation & Detection

    • Implementation of strict auditing for HuggingFace model provenance and cryptographic checksum verification.
    • Enhanced monitoring for unauthorized access attempts to ~/.ssh and known cryptocurrency wallet paths on macOS.
    • Deployment of specific IoCs, including file hashes and C2 domain patterns, to block known Sapphire Sleet infrastructure.
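
One way to implement the checksum verification item above, as an added example that is not part of the original briefing: audit a downloaded model directory against hashes pinned when the model was last reviewed. The function names, the manifest layout (relative path to SHA-256), and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so multi-GB weight files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_model_dir(model_dir, pinned):
    """Compare every file under model_dir with a pinned {relative_path: sha256} manifest.

    Returns lists of mismatched, missing and unexpected files; all empty means
    the directory is exactly what was reviewed.
    """
    root = Path(model_dir).resolve()
    report = {"mismatch": [], "missing": [], "unexpected": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in pinned:
            report["unexpected"].append(rel)   # file added after review
        elif sha256_file(p) != pinned[rel].lower():
            report["mismatch"].append(rel)     # content changed after review
    report["missing"] = sorted(set(pinned) - seen)
    return report

def demo():
    """Constructed sample: pin a small fake model directory, then change it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "config.json").write_text('{"model_type": "demo"}')
        (root / "model.safetensors").write_bytes(b"\x00" * 64)
        pinned = {f.name: sha256_file(f) for f in root.iterdir()}
        clean = audit_model_dir(root, pinned)
        # Simulate an upstream update: weights replaced, a script added, a file removed.
        (root / "model.safetensors").write_bytes(b"\x01" * 64)
        (root / "extra_loader.py").write_text("# not in the pinned manifest\n")
        (root / "config.json").unlink()
        return clean, audit_model_dir(root, pinned)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Treating unexpected files as a failure, not only hash mismatches, matters because a repository update can add code alongside unchanged weights.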
