Search
HomeCryptoReplay of LABScon23: Analysis of macOS Components Utilized in North Korean Crypto-Heists
Replay of LABScon23: Analysis of macOS Components Utilized in North Korean Crypto-Heists
Crypto

Replay of LABScon23: Analysis of macOS Components Utilized in North Korean Crypto-Heists

admin
By admin

-

101
0

Uncovering North Korean APTs Targeting macOS Devices: A Deep Dive into Similarity Analysis of Mach-O Binaries and Linked Dynamic Libraries

In a groundbreaking presentation at LABScon 2023, Greg Lesnewich of Proofpoint delved into the world of North Korean APTs targeting macOS devices. With a focus on similarity analysis of Mach-O binaries and linked dynamic libraries, Lesnewich provided researchers with new techniques for hunting down these increasingly active threats.

While many state-aligned threats have explored macOS malware, North Korea has shown a particular dedication to compromising Apple’s desktop operating system for both espionage and financial gain. The world of macOS malware analysis is a complex and exciting space, with most discussions focusing on functionality and capability rather than how to find more similar samples. Analysts often rely on string searching, making the process more challenging compared to analyzing Windows executables.

Lesnewich’s talk introduced easy pivots for Mach-O files, using North Korean samples as a case study. He guided the audience through the North Korean clusters using Mach-O samples, illustrating how these clusters intersect and how their families relate to one another. By demonstrating simple pivots, Lesnewich showed how analysts can link a group’s families together more effectively.

Greg Lesnewich, a senior threat researcher at Proofpoint specializing in tracking malicious activity linked to North Korea, brought his expertise in threat intelligence and incident response to the presentation. With a background in building threat intelligence programs for Fortune 50 financial organizations, Lesnewich provided valuable insights into the world of North Korean cyber threats.

LABScon 2023, hosted by SentinelOne’s research arm, SentinelLabs, is a premier cybersecurity conference that brings together top minds in the field. The event offers an immersive experience for cybersecurity professionals to stay updated on the latest trends and techniques in the industry.

For those interested in staying informed about LABScon 2024 and future developments in cybersecurity, be sure to follow the latest updates from SentinelLabs.

Previous article
Is Restaking Trending in Ethereum (ETH) and Solana (SOL)? Should We Be Concerned?
Next article
ASIC Miner for Specific Applications

LATEST POSTS

Crypto

Kamala Harris’ Positions on Big Tech, Artificial Intelligence, and Cryptocurrency

Tech Industry's Support for Vice President Kamala Harris: Where She Stands on AI, Big Tech, and Crypto Vice President Kamala Harris Emerges as Front-Runner for...
Ethereum

Trading Begins for Ether ETFs, Initial Inflow Data Released

Ether ETFs See Strong Inflows in First 15 Minutes of Trading, Bitwise Leads the Pack Ether ETFs Make Strong Debut on Stock Exchanges, Attracting $112...
Blockchain

Epic Games CEO Hints at Blockchain Integration for Fortnite, Rules Out Crypto and NFTs

Epic Games CEO Teases Blockchain for Fortnite, No Crypto or NFTs - Technical Potential Over Financial Uses Epic Games CEO Tim Sweeney has hinted at...
Binance

XRP Outperforms BTC, SOL, and ETH on Binance, Coinbase, and Kraken in Key Metric

XRP Surpasses Bitcoin, Solana, and Ethereum in Trade Volume on Major Exchanges The cryptocurrency market is buzzing with excitement as XRP, the digital asset associated...
Load more

Most Popular

Latest articles

Popular Updates

Popular Categories

bitcoin
Bitcoin (BTC) $ 89,222.00
ethereum
Ethereum (ETH) $ 2,960.01
tether
Tether (USDT) $ 0.999011
bnb
BNB (BNB) $ 873.89
xrp
XRP (XRP) $ 1.91
usd-coin
USDC (USDC) $ 0.999622
solana
Solana (SOL) $ 127.56
tron
TRON (TRX) $ 0.295811
staked-ether
Lido Staked Ether (STETH) $ 2,955.09
dogecoin
Dogecoin (DOGE) $ 0.12464