Friday, April 19, 2024


Lazarus attackers mimic job recruiters

Cyberattackers are impersonating a type of person who’s difficult to ignore: a recruiter saying that you’re just the right person for a new, impressive job.

At this year’s virtual ESET World conference, Jean-Ian Boutin, director of threat research at the AV provider ESET, reviewed a series of recent attempts to lure target organizations—specifically aerospace and defense companies—with bogus LinkedIn profiles and “better, high-paying” job offers.

The impersonations are believed to be cyber-espionage efforts from the North Korea-linked hacker group, Lazarus. Lazarus cyberattackers have been suspected of sending malware since at least 2014. In 2020, McAfee discovered a series of malware-containing postings meant to lure defense-contractor targets into downloading a data-gathering implant. In February of this year, Qualys revealed how the cyber-criminal group has been targeting job-seekers with fake Lockheed Martin job offers.

In the cases presented by Boutin, the primary motivation from the Lazarus group appears to be the exfiltration of aerospace and defense data.

“They’re doing cyber-espionage in this field to actually try to close the technical gap that they might have in some of their technology, because they don’t have the means to acquire it,” Boutin said in a Q&A at ESET 2022 after his presentation.

Campaign season. Boutin detailed two new campaigns in his presentation, which was titled, “Worldwide Aerospace and Defense Contractors Under Attack by Lazarus”:

Sep. 2021: An attacker posing as an Amazon recruiter approached a defense-contractor employee in the Netherlands, according to Boutin’s report (and ESET’s telemetry information). An attached job application from the Amazon faker, in fact, contained a malicious remote template.

Jan. 2022: Using a LinkedIn profile to impersonate a job recruiter from BAE Systems, an attacker targeted a defense company in Turkey. The attack used an encrypted archive known as an RAR file to send the malicious components, and the downloader payload itself was hosted on GitHub—an intriguing choice, said Boutin. “The use of GitHub is interesting, because it just shows that the threat actor is trying to use all legitimate services and abuse them as much as they can to make their campaign as legitimate as they can be,” Boutin said during the presentation.


Appealing to the ego. Job openings have lately offered attackers an enticing window.

In May of this year, a team at eSentire witnessed a reversal of the ESET findings: A phony job applicant serving malware to the unsuspecting employer.

The endorphin rush of a compliment from a recruiter goes a long way and makes job-specific attacks especially successful, according to Lisa Plaggemier, interim executive director at the National Cybersecurity Alliance.

“When somebody sends you an email or hits you up on LinkedIn and says, ‘Hey, I really like your résumé or your profile,’ you know, ‘I’m interested in talking to you,’ what’s the first emotion you feel? It’s a little ego boost, right?” Plaggemier explained to IT Brew.

Another effective aspect of the phishing strategy: Employees may not want to tell their employers that a security problem arose because they were looking for a new gig.

“If, as an employee, you were clicking on things you shouldn’t, and then, on top of that, were trying to apply for another job, reporting the security incident is something that you will think twice before doing,” Boutin said, during the ESET Q&A.

