A famous cybercriminal group known for its links to the North Korean regime has continued its spree of recent attacks by targeting an unnamed Spanish aerospace company.

Lazarus, notably known for its 2017 WannaCry attack, have been adapting and evolving their methods of attack.

This latest attack is a variant of its ‘Dream Job’ campaign which recently targeted Amazon employees.

Malware disguised as a coding challenge

Employees were approached by what appeared to be recruiters from Meta through LinkedIn, who were looking for individuals to complete a coding challenge to demonstrate their capabilities. 

Rather than launching the coding challenge, the files instead installed malware most likely intended to steal aerospace data, according to ESET researchers. Aerospace data has long been a target of North Korean hackers and theory behind this is its use in North Korean nuclear missile programmes. Part of the malware included Lazarus’ latest backdoor software, LightlessCan, which is built upon the group's work with their previous payload, BlindingCan.

“The most worrying aspect of the attack is the new type of payload, LightlessCan, a complex and possibly evolving tool that exhibits a high level of sophistication in its design and operation, representing a significant advancement in malicious capabilities compared to its predecessor, BlindingCan.” the ESET reporter stated.

“The attackers can now significantly limit the execution traces of their favorite Windows command line programs that are heavily used in their post-compromise activity. This maneuver has far-reaching implications, impacting the effectiveness of both real-time monitoring solutions and of post-mortem digital forensic tools.”

Via The Register

More from TechRadar Pro