Back to top
  • 공유 Share
  • 인쇄 Print
  • 글자크기 Font size
URL copied.

North Korean Hackers Upgrade Tactics with New Stealthy Malware in Job Scams

작성자 이미지
Marthon Guanzon reporter

Wed, 04 Oct 2023, 02:04 am UTC

North Korean Lazarus Group adopts a more covert malware, LightlessCan, in deceptive job scams, targeting firms and stealing resources for national projects.

Recent reports reveal that the Lazarus Group, a notorious hacking team from North Korea, has enhanced its cyber weaponry. ESET, a cybersecurity firm, unveiled this detail after a comprehensive investigation into a deceitful job scam targeting a Spanish aerospace company.

On September 29, Peter Kálnai, ESET's seasoned malware analyst, shared his discovery of an undisclosed backdoor malware labeled as LightlessCan. This latest malware is a leap ahead from its older version, BlindingCan.

Unlike its older version, which had tell-tale signs, LightlessCan cleverly mimics a host of standard Windows commands, ensuring that its operations go unnoticed within the RAT, eliminating conspicuous console operations.

This tactic, Kálnai notes, is game-changing. It allows the malware to slip past real-time monitoring systems like EDRs, and even digital forensic tools that investigators might use after an attack.

An interesting safety feature in the LightlessCan payload is its "execution guardrails". This ensures that the malware's decryption is possible only on the targeted machine, preventing security experts from unintentionally decrypting it during their analysis.

A noteworthy incident was recounted by Kálnai, where an employee of the Spanish aerospace company was approached by a phony recruiter from Meta, calling himself Steve Dawson, in 2022. Not long after, the infiltrators dispatched a pair of coding challenges riddled with the malware.

While the Lazarus Group's intrusion into the Spanish company is concerning, this isn't their first venture. They have been linked to pilfering approximately $3.5 billion from cryptocurrency endeavors since 2016, as detailed by a Chainalysis report from September 14.

Furthermore, a September 2022 alert from cybersecurity outfit SentinelOne flagged a deceptive job offer on LinkedIn. This sham was promoting a role at Crypto.com, under the codename "Operation Dream Job".

To confront North Korea's burgeoning cybercrime operations, which allegedly funnel stolen resources to their nuclear missile initiatives, the United Nations is taking measures to suppress these activities globally.

TokenPost | [email protected]

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>

Most Popular

Comment 0

0/1000

1