Hackers linked to a notorious group within the North Korean government have launched an attack on an aerospace company in Spain, according to researchers at security firm ESET.
In a report released Friday, researchers said they discovered a campaign led by hackers linked to Lazarus – an infamous group that has stolen billions from cryptocurrency companies over the past two years.
Employees of the unnamed company received messages on LinkedIn from a fake Meta recruiter and were tricked into opening malicious files purporting to be coding quizzes or challenges.
Once opened, the files infect a victim’s device with a backdoor that would allow hackers to carry out espionage, according to ESET.
“The most worrying aspect of the attack is the new type of payload, LightlessCan, a complex and potentially scalable tool that exhibits a high level of sophistication in its design and operation, and represents a significant advancement in malicious capabilities compared to its predecessor, BlindingCan,” said ESET researcher Peter Kálnai, who made the discovery.
The hackers gained access to the company’s network through a successful spearphishing campaign.
The fake recruiter pretended to be from Meta and offered employees two coding challenges that they claimed were part of the application process. The employee, one of several contacted, downloaded the files to a company device.
A spearphishing message purportedly from a Meta recruiter. Source: ESET
Researchers noted that the campaign was sophisticated, with malware aimed only at the victim’s machine.
Lazarus has been around since at least 2009 and continues to launch a series of campaigns targeting organizations important to North Korea.
“The diversity, number and eccentricity in the implementation of Lazarus campaigns define this group, which carries out the three pillars of cybercriminal activities: cyberespionage, cybersabotage and the search for financial gain,” ESET researchers said.
“Aerospace companies are not an unusual target for North Korea-aligned APT groups.”
Many of the country’s cyberattacks contribute to the country’s nuclear weapons program, either by stealing cryptocurrency and money to fund the program or by hacking companies with technical knowledge that could support their efforts.
Recruitment lures are a characteristic of North Korean hackers, who have used this tactic repeatedly to target a wide range of industries.
Last year, researchers from Symantec and Google published a report about a North Korean campaign in which hackers posed as recruiters from Disney, Google and Oracle offering fake job opportunities to people working for chemical sector organizations in South Korea.
In July, North Korean hackers used fake US military recruiting documents to trick people into downloading malware hosted on legitimate, but compromised, South Korean e-commerce sites.
Jonathan Greig
Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.