Hackers Impersonate Meta Recruiter to Target Aerospace Firm


Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Social Engineering

Lazarus Deploys New Backdoor to Target Aerospace Firm

Researchers discovered an undocumented backdoor named LightlessCan being used by the North Korea-backed Lazarus Group to target a Spanish aerospace company.

ESET researchers said an employee of the aerospace firm was lured with a fake job opportunity. The attacker masqueraded as a Meta recruiter and tricked the victim into downloading and executing malicious code on a company device.

The hackers obtained initial access to the company’s network last year through a successful spear-phishing campaign in which they masqueraded as a recruiter for Meta.

The ongoing attack campaign, called “Operation DreamJob,” is run by Lazarus. In it, a fake recruiter reaches out to the victim via LinkedIn and sends two coding challenges required as part of the hiring process.

“The most worrying aspect of the attack is the new type of payload, LightlessCan, a complex and possibly evolving tool that exhibits a high level of sophistication in its design and operation, representing a significant advancement in malicious capabilities compared to its predecessor, BlindingCan,” researchers said.

Recently, federal authorities warned of “significant risk” for potential attacks on healthcare and public health sector entities by the Lazarus group involving exploitation of a critical vulnerability in 24 ManageEngine IT management tools from Zoho.

The alert issued by the U.S. Department of Health and Human Services’ Health Sector…
