North Korean hackers are targeting aerospace - Lazarus Group tricks employees into installing malware themselves

cyber, attack, hacked word on screen binary code display, hacker
(Image credit: Shutterstock/supimol kumying)

A famous cybercriminal group known for its links to the North Korean regime has continued its spree of recent attacks by targeting an unnamed Spanish aerospace company.

Lazarus, notably known for its 2017 WannaCry attack, have been adapting and evolving their methods of attack.

This latest attack is a variant of its ‘Dream Job’ campaign which recently targeted Amazon employees.

Malware disguised as a coding challenge

Employees were approached by what appeared to be recruiters from Meta through LinkedIn, who were looking for individuals to complete a coding challenge to demonstrate their capabilities. 

Rather than launching the coding challenge, the files instead installed malware most likely intended to steal aerospace data, according to ESET researchers. Aerospace data has long been a target of North Korean hackers and theory behind this is its use in North Korean nuclear missile programmes. Part of the malware included Lazarus’ latest backdoor software, LightlessCan, which is built upon the group's work with their previous payload, BlindingCan.

“The most worrying aspect of the attack is the new type of payload, LightlessCan, a complex and possibly evolving tool that exhibits a high level of sophistication in its design and operation, representing a significant advancement in malicious capabilities compared to its predecessor, BlindingCan.” the ESET reporter stated.

“The attackers can now significantly limit the execution traces of their favorite Windows command line programs that are heavily used in their post-compromise activity. This maneuver has far-reaching implications, impacting the effectiveness of both real-time monitoring solutions and of post-mortem digital forensic tools.”

Via The Register

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism Ben worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league.

He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.