Beware that dream job offer could be malware sent by Iranian hackers
Date:
Thu, 14 Nov 2024 16:03:00 +0000
Description:
Iranians are trying to pull off a "Lazarus", offering fake jobs to high-profile targets.
FULL STORY ======================================================================Iranian state-sponsored actors are targeting aerospace pros with fake jobs The goal
is to install backdoors and exfiltrate important data The style mimics that
of Lazarus, a known North Korean actor
Iranian state-sponsored hackers have been observed targeting victims in the aerospace industry with fake job offers, which resulted in the deployment of the SnailResin malware, as part of their cyber-espionage campaign.
Cybersecurity researchers at ClearSky revealed how the threat actor, known as TA455, created fake recruitment sites, and fake profiles on social media
sites such as LinkedIn. After that, they would approach their targets, and
get them to download files as part of the onboarding process.
Among the files was SnailResin, a piece of malware that acts as a loader for the SlugResin backdoor, capable of data exfiltration, command-and-control
(C2) communication, and persistence on victim systems. Iranians? Or North Koreans? Or both?
The campaign, dubbed Dream Job started in September 2023, if not earlier, ClearSky noted.
TA455 is a well-known cyberespionage group, linked with Iran's Islamic Revolutionary Guard Corps (IRGC), and shares similarities with other groups like APT35 and TA453. Besides the aerospace industry, TA455 was seen
targeting defense, and government entities, in the Middle East, Europe, and the US. Its goal, for the most part, is cyber-espionage, gathering sensitive information for geopolitical intelligence purposes.
What makes this campaign particularly interesting is the fact that it mimics the style of Lazarus, a North Korean state-sponsored group. Fake job attacks are basically synonymous with Lazarus at this point, as they were used in
some of the most destructive campaigns against firms in the crypto industry. At this point, ClearSky doesnt know if TA455 is mimicking Lazarus, tries to hide behind the group, or is in cooperation with them.
The similar Dream Job lure, attack techniques, and malware files suggest that either Charming Kitten was impersonating Lazarus to hide its activities, or that North Korea shared attack methods and tools with Iran, they said.
In any case, be careful when getting new job offers, especially if they sound too good to be true. You might also like North Korean Lazarus hackers are using a fake coding test to steal passwords Here's a list of the best firewalls today These are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/beware-that-dream-job-offer-could-be-ma lware-sent-by-iranian-hackers
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)