North Korean hackers are targeting aerospace - Lazarus Group tricks employees into installing malware themselves

Notorious Lazarus group pioneering a new type of cyberattack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A famous cybercriminal group known for its links to the North Korean regime has continued its spree ofrecent attacksby targeting an unnamed Spanish aerospace company.

Lazarus, notably known for its 2017 WannaCry attack, have been adapting and evolving their methods of attack.

This latest attack is a variant of its ‘Dream Job’ campaign which recently targetedAmazonemployees.

Malware disguised as a coding challenge

Employees were approached by what appeared to be recruiters from Meta through LinkedIn, who were looking for individuals to complete a coding challenge to demonstrate their capabilities.

Rather than launching the coding challenge, the files instead installed malware most likely intended to steal aerospace data, according toESETresearchers. Aerospace data has long been a target of North Korean hackers and theory behind this is its use in North Korean nuclear missile programmes. Part of the malware included Lazarus’ latest backdoor software, LightlessCan, which is built upon the group’s work with their previous payload,BlindingCan.

“The most worrying aspect of the attack is the new type of payload, LightlessCan, a complex and possibly evolving tool that exhibits a high level of sophistication in its design and operation, representing a significant advancement in malicious capabilities compared to its predecessor, BlindingCan.” the ESET reporter stated.

“The attackers can now significantly limit the execution traces of their favorite Windows command line programs that are heavily used in their post-compromise activity. This maneuver has far-reaching implications, impacting the effectiveness of both real-time monitoring solutions and of post-mortem digital forensic tools.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Register

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

I’m a die-hard Apple fan, but even I’ll admit that the Google Pixel 9 Pro is the best-looking phone of the year