Members of the infamous Lazarus hacking collective targeted a Spanish aerospace company last year by posing as a recruiter for Facebook and Instagram parent Meta.
Cybersecurity researchers at ESET said that sometime last year the fake recruiter reached out to victims via LinkedIn Messaging, and then asked interested “applicants” to download a pair of coding challenges that were part of the hiring process. Those files were laced with malware, and once executed on a company device delivered a remote access Trojan that the researchers dubbed “LightlessCan.”
The malicious code mimicked a wide range of native Windows commands and has the potential for ongoing development and refinement. This was just the latest such faux job-themed cyberattacks carried out by the group as apart of its “Operation Dreamjob.”
Lazarus, also known as Hidden Cobra, is a collective of cyber units operating from North Korea, and it has been active since at least 2009.
Don’t Click The Link From LinkedIn
Cybersecurity researchers have warned that the revelation of the malware attack should serve as a reminder that users of social media platforms should remain ever vigilant, and be cautious of unsolicited contacts.
“This is another example that underscores the risks social engineering attacks introduce through social platforms,” said Emily Phelps, director of cybersecurity threat intelligence provider Cyware. “While platforms like LinkedIn are intended for professional networking, their accessibility makes them prime channels for attackers to target potential victims. In this scenario, Lazarus capitalized on the trust that individuals place in such platforms and their desire to seize opportunities, such as job offers from reputed companies.”
The attack also highlights how services like LinkedIn, which can be crucial for networking and business development opportunities, also provide a lot of insight that can help attackers in a social engineering campaign.
“With employees publishing detailed LinkedIn profiles about their positions, security clearance levels, past and present projects, technology tools experience, etc., attackers are able to conduct significant analysis to identify likely employees with access to critical systems and data, as well as specific tools that should be targeted for exploit research,” explained Snehal Antani, CEO of cybersecurity provider Horizon3.ai.
“Combined with breach databases and other information available on the dark web, highly capable organizations like the Lazarus Group are well positioned to conduct attacks against high-value targets like the aerospace industry,” warned Antani. “As a result, it’s crucial for companies to ensure they understand the open-source intelligence data available to attackers—for not only the company, but for employees with access to critical data and systems, and implement additional controls to identify and stifle credential-based attacks.”
Mitigating The Risks
While the most obvious solution would be to limit what information is shared on LinkedIn, such an extreme course of action runs contrary to why people use the platform in the first place. Instead, there are other actions that companies and individuals can take to mitigate the risks.
“It’s important to arm employees with regular security awareness training to ensure they can recognize the signs of online scams,” said Phelps. “Ongoing patching, updates, and backups should occur. Both organizations and individuals should adopt multifactor authentication as well.”
Then there is the most obvious one of all—being mindful when it comes to what is being downloaded. But other measures can be taken as well.
“Individuals should also avoid downloading unknown files, limit personal information shared online, and verify any unexpected, unsolicited, or unknown, contacts,” Phelps continued. “Organizations can also adopt behavioral AI that can help identify anomalies. A less common but equally important opportunity for organizations to protect themselves is to ensure their security team’s functions—threat intelligence, security automation, orchestration, and response—are unified. This will help eliminate data, tech, and team silo, enabling more efficient defense and improved resilience against repeatable attacks.”
Of course, it is still necessary to remember that these attacks relied on the weakest link of all—the human factor. As with other social media scams, these are successful simply because people are too trusting!
Achieve Goals You Never Thought Possible 4X Faster
