 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: RustBucket| Names | RustBucket | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Sekoia) Since at least December 2022, Bluenoroff was observed leveraging RustBucket, a Rust and Objective-C written malware targeting macOS running systems. This recent Bluenoroff activity illustrates how intrusion sets turn to cross-platform language in their malware development efforts, further expanding their capabilities highly likely to broaden their victimology. While other DPRK-nexus intrusion sets, including Lazarus, Kimsuky and more recently Reaper were already reported targeting macOS, it is the first time Bluenoroff was observed targeting macOS users, to the best of our knowledge. | |
| Information | <https://blog.sekoia.io/bluenoroffs-rustbucket-campaign/> <https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/> <https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket> <https://securelist.com/bluenoroff-new-macos-malware/111290/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/osx.rustbucket> | |
Last change to this tool card: 16 January 2024
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-Feb 2024  |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |