October 2 – If you’ve been offered a new job opportunity, exercise caution and ensure that the job offer is legitimate.
New reports indicate that North Korean hackers, pretending to be recruiters from Meta (the parent company of Facebook), are deceiving individuals into downloading malware.
These findings have been revealed as part of an investigation into a security breach that occurred within an undisclosed Spanish aerospace company.
Researchers were able to trace the breach back to a LinkedIn account under hacker control, where they identified a threat actor impersonating a Meta recruiter.
Hackers attempted to connect with several of the aerospace firm’s employees through LinkedIn Messaging. To gain attention and trust, the threat actors presented fake job offers to individuals after those individuals completed several online exercises.
“Employees of the targeted company [aerospace firm] were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding challenge or quiz,” said cyber security researcher Peter Kalnai.
The primary intent behind the aerospace breach was to install an implant referred to as LightlessCan. What’s particularly concerning about the attack is the introduction of a novel payload: a sophisticated and complex tool that demonstrates exceptional intricacy in both its design and functionality and represents a significant advancement in malicious capabilities.
An alarming aspect of this tool is its ability to effectively obfuscate traces of Windows command-line programs used post-compromise. This poses a substantial challenge to real-time monitoring solutions and post-mortem digital forensics technologies, making it difficult to detect and investigate breaches.
Stay informed and stay vigilant as this story continues to develop. Emerging details may shed further light on the extent and implications of these deceptive cyber criminal tactics.