North Korean Group Sapphire Sleet Launches Phishing Campaign Targeting macOS Users

Severity: High (Score: 72.5)

Sources: Blogs.Microsoft, Nknews, www.korearisk.com

Summary

A North Korean hacking group known as Sapphire Sleet has initiated a phishing campaign aimed at Apple computer users, focusing on stealing cryptocurrency and sensitive data. This campaign utilizes social engineering tactics to trick users into executing malicious code, thereby bypassing macOS security measures. Microsoft Threat Intelligence reported that the attackers employ a combination of trusted system tools and fileless execution techniques, marking a shift towards more deceptive cyberattack methods. The campaign does not exploit software vulnerabilities but relies on user actions to facilitate the intrusion. As of April 17, 2026, the attack's full scope and impact are still being assessed, but it poses a significant risk to individuals and organizations using macOS systems.

Key Points

  • Sapphire Sleet targets Apple computers through social engineering and user-driven execution.
  • The campaign aims to steal cryptocurrency and sensitive data without exploiting software flaws.
  • Microsoft reports the use of fileless execution techniques to bypass macOS security protections.

Key Entities

  • Sapphire Sleet (apt_group)
  • Data Breach (attack_type)
  • Phishing (attack_type)
  • T1566 - Phishing (mitre_attack)
  • macOS (platform)