A recent cybersecurity report by ESET reveals that North Korean hackers, specifically the Lazarus Group, employed a sophisticated phishing campaign to target employees of an aerospace company in Spain. The hackers posed as a recruiter from Meta, a prominent Silicon Valley company, and initiated contact with employees through LinkedIn. They sent coding challenges that were actually infected with malware disguised as legitimate recruitment materials.

The malicious operation, which took place last year, marks a significant advancement in the malicious capabilities of North Korean cyber units. This strategy of impersonating job recruiters to infiltrate targeted organizations and individuals has been previously observed in other North Korean cyber operations. Journalists, security researchers, software developers, and other professionals have been targeted through similar phishing schemes.

The malware delivered by the phishing campaign, which ESET named “LightlessCan,” executed a remote access trojan on the compromised devices. LightlessCan disguised its activities by mimicking native Windows commands, enabling discreet execution within the trojan itself. This strategic shift in malware design enhances stealth and makes it more challenging to detect and analyze the attacker’s motives. Furthermore, LightlessCan encrypts itself on the intended target’s machine, effectively preventing decryption on unintended machines, such as those of security researchers.

The researchers at ESET discovered that LightlessCan has support for up to 68 distinct commands, with 43 implemented in the current version. This suggests ongoing development and refinement of the malware.

This latest cybersecurity incident highlights the growing threats posed by North Korean hackers and their continuously evolving tactics. It underscores the importance of vigilance and the need for robust cybersecurity measures to protect individuals and organizations from sophisticated phishing campaigns.

Source: CyberScoop