SapphireStealer is an open-source, .NET-based information-stealing malware that has gained significant traction in the cybersecurity landscape. It has been employed by various threat groups, some of which have created their own customized versions. The malware's capabilities include collecting host information, browser data, files, and screenshots, then exfiltrating this information as a ZIP file using the Simple Mail Transfer Protocol (SMTP). The source code of SapphireStealer was leaked on the internet, leading more threat actors to leverage it to develop improved versions of the malware.
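As an added example (not from the original page or the malware's code), the detection logic a defender might run over mail-gateway or flow records: it flags ZIP attachments sent over SMTP ports by hosts that are not approved mail relays, the exfiltration pattern described above. The log format, the relay allowlist and the sample records are constructed for this example.

```python
"""Flag endpoint-originated SMTP sessions carrying ZIP attachments.

SapphireStealer packs stolen data into a ZIP and sends it over SMTP; on a
network where only mail relays speak SMTP outbound, any other host doing so
with a ZIP attachment is worth a look. Log schema below is constructed."""
from dataclasses import dataclass, field

SMTP_PORTS = {25, 465, 587}
MAIL_RELAYS = {"10.0.0.25"}  # assumed: only hosts allowed to send SMTP directly

# Constructed sample records: ts|src_ip|dst_ip|dst_port|mail_from|rcpt_to|attachments(';'-separated or '-')
SAMPLE_LOG = """\
2024-05-01T09:12:03Z|10.0.0.25|198.51.100.7|25|hr@corp.example|vendor@partner.example|invoice.pdf
2024-05-01T09:15:44Z|10.0.4.31|203.0.113.9|587|drop@mail.example|collector@mail.example|report.zip
2024-05-01T09:16:02Z|10.0.4.31|203.0.113.9|587|drop@mail.example|collector@mail.example|report.zip
2024-05-01T09:20:10Z|10.0.4.77|203.0.113.44|465|it@corp.example|me@corp.example|notes.txt
2024-05-01T09:21:30Z|10.0.4.31|203.0.113.9|443|-|-|-
"""

@dataclass
class Finding:
    src_ip: str
    dst_ip: str
    sessions: int = 0
    zip_names: list = field(default_factory=list)

def parse_line(line):
    """Split one pipe-delimited record into a dict; '-' means no attachments."""
    ts, src, dst, port, mail_from, rcpt, atts = line.split("|")
    return {"ts": ts, "src_ip": src, "dst_ip": dst, "dst_port": int(port),
            "mail_from": mail_from, "rcpt_to": rcpt,
            "attachments": [] if atts == "-" else atts.split(";")}

def find_zip_over_smtp(log_text, relays=MAIL_RELAYS):
    """One Finding per (src, dst) pair of non-relay hosts that sent ZIPs on SMTP ports."""
    hits = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["dst_port"] not in SMTP_PORTS or rec["src_ip"] in relays:
            continue  # normal relay traffic or not SMTP at all
        zips = [a for a in rec["attachments"] if a.lower().endswith(".zip")]
        if not zips:
            continue
        f = hits.setdefault((rec["src_ip"], rec["dst_ip"]), Finding(rec["src_ip"], rec["dst_ip"]))
        f.sessions += 1
        f.zip_names.extend(zips)
    return sorted(hits.values(), key=lambda f: f.src_ip)

if __name__ == "__main__":
    for f in find_zip_over_smtp(SAMPLE_LOG):
        print(f"{f.src_ip} -> {f.dst_ip}: {f.sessions} SMTP session(s) with ZIP {f.zip_names}")
```

On real data the same rule applies to mail-gateway or Zeek-style SMTP records once the parser is swapped for that product's schema; repeated sessions from one host to one destination are the stronger signal.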
The Lazarus Group, a notorious cybercriminal organization, has been implicated in the resurgence of SapphireStealer. According to Cisco Talos Research, they have launched a new malware campaign targeting businesses in the UK and US. Furthermore, the healthcare sector remains a primary target for these hackers. The modifications to SapphireStealer's code base have led to numerous variations of the malware, making it a versatile tool for different threat actors.
Despite the uncertainty surrounding who exactly is behind the developments and modifications of SapphireStealer, its widespread usage and adaptability are clear. As noted by SentinelOne, it is possible that the same team of malware developers could be behind both stealers, but it's equally plausible that different individuals or teams are using similar techniques to achieve their objectives. In any case, the evolving nature of SapphireStealer underscores the importance of continuous vigilance and robust cybersecurity measures.
Description last updated: 2024-05-04T16:33:14.411Z