Targeting of Mac users at financial institutions
Date of report
  • April 2023
BlueNoroff, a subgroup of North Korea’s Lazarus Group, was observed using a new Mac operating-system malware family, dubbed RustBucket, in recent attacks on Mac machines. Based on the lures used, BlueNoroff likely targeted the financial technology sector with the malware. RustBucket can be used to gather system information and allows the attacker to perform various actions on infected machines.
Suspected victims
  • Financial technology firms and their employees who use the Mac operating system
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response