North Korean Hacking Group Lazarus Uses New, Hard-to-Detect Malware for Fake Job Scams
The Lazarus Group, a hacking collective from North Korea, has developed a new type of sophisticated malware called LightlessCan for its fake employment scams. This malware is more challenging to detect than its predecessor, BlindingCan, according to ESET’s senior malware researcher Peter Kálnai.
The group’s typical scam involves luring victims with a potential job offer at a well-known company and tricking them into downloading malicious payloads disguised as documents. However, LightlessCan is a significant advancement because it mimics native Windows commands, allowing discreet execution within the remote access Trojan (RAT) itself.
This stealthy approach makes it difficult for real-time monitoring solutions and postmortem digital forensic tools to detect the malware. The payload also includes execution guardrails to ensure it can only be decrypted on the intended victim’s machine, preventing unintended decryption by security researchers.
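The detection gap the article describes can be made concrete from the defender's side. The toy detector below is an added example, not code from the article or from ESET: it scans constructed process-creation log lines (Sysmon-style fields, invented here) for a parent that is not an interactive shell yet spawns several native Windows discovery utilities as child processes. That pattern is what an older RAT that shells out to real commands leaves behind; a RAT that emulates those commands in-process produces no such child-process events, so the same rule returns nothing and other telemetry (network, memory, file-system) has to carry the load. Names such as `fake_doc_viewer.exe` and the log format are assumptions for this illustration.

```python
# Added example (not from the article or ESET): a toy detector for the
# discovery-command chains that a RAT which spawns real child processes leaves
# in process-creation logs. All log lines below are constructed for this example.
import re
from collections import defaultdict

# Native Windows utilities a RAT typically runs for host discovery.
NATIVE_DISCOVERY = {
    "ipconfig.exe", "whoami.exe", "systeminfo.exe",
    "net.exe", "tasklist.exe", "nltest.exe",
}
# Parents that are expected to launch these utilities (interactive shells).
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe"}

# Assumed log format (Sysmon-like fields, invented for the example).
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) "
    r"parent=(?P<parent>\S+) image=(?P<image>\S+)$"
)


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def parse(lines):
    """Parse log lines into dicts; silently skip lines that do not match."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["pid"] = int(ev["pid"])
            ev["ppid"] = int(ev["ppid"])
            events.append(ev)
    return events


def find_suspicious_chains(lines, threshold=3):
    """Return {(ppid, parent_name): [utilities]} for parents that are not an
    expected shell and spawned at least `threshold` distinct native discovery
    utilities. A RAT that emulates those utilities internally never spawns
    them, so this function returns {} for it: the gap the article describes."""
    spawned = defaultdict(set)
    for ev in parse(lines):
        image = _basename(ev["image"])
        parent = _basename(ev["parent"])
        if image in NATIVE_DISCOVERY and parent not in EXPECTED_PARENTS:
            spawned[(ev["ppid"], parent)].add(image)
    return {k: sorted(v) for k, v in spawned.items() if len(v) >= threshold}


# Constructed sample: a loader posing as a document viewer shells out to
# discovery tools (older-RAT style), plus benign admin activity.
SPAWNING_RAT_LOG = [
    "2022-10-03T09:12:01Z pid=4120 ppid=3988 parent=C:\\Users\\u\\AppData\\Local\\Temp\\fake_doc_viewer.exe image=C:\\Windows\\System32\\ipconfig.exe",
    "2022-10-03T09:12:02Z pid=4124 ppid=3988 parent=C:\\Users\\u\\AppData\\Local\\Temp\\fake_doc_viewer.exe image=C:\\Windows\\System32\\whoami.exe",
    "2022-10-03T09:12:03Z pid=4130 ppid=3988 parent=C:\\Users\\u\\AppData\\Local\\Temp\\fake_doc_viewer.exe image=C:\\Windows\\System32\\systeminfo.exe",
    "2022-10-03T09:15:10Z pid=4200 ppid=2100 parent=C:\\Windows\\System32\\cmd.exe image=C:\\Windows\\System32\\ipconfig.exe",
    "2022-10-03T09:16:00Z pid=4210 ppid=1500 parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\notepad.exe",
]

# Constructed sample: the same loader, but the discovery happens in-process,
# so the only event is the loader starting. Nothing for this rule to see.
IN_PROCESS_RAT_LOG = [
    "2022-10-03T09:12:00Z pid=3988 ppid=1500 parent=C:\\Windows\\explorer.exe image=C:\\Users\\u\\AppData\\Local\\Temp\\fake_doc_viewer.exe",
]

if __name__ == "__main__":
    print("spawning RAT:", find_suspicious_chains(SPAWNING_RAT_LOG))
    print("in-process RAT:", find_suspicious_chains(IN_PROCESS_RAT_LOG))
```

Running it flags the `fake_doc_viewer.exe` parent in the first sample and returns an empty result for the second, which is exactly why process-creation telemetry alone is a weak control against a RAT that never leaves the host process.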
The Attack on a Spanish Aerospace Firm
Kálnai shared a case involving the new malware, which targeted a Spanish aerospace firm in 2022. The attack started with an employee receiving a message from a fake recruiter named Steve Dawson on Meta (formerly LinkedIn). The hackers then sent two coding challenges embedded with the malware.
Cyberespionage was the primary motive behind this attack by the Lazarus Group. It’s worth noting that North Korean hackers have already stolen around $3.5 billion from cryptocurrency projects since 2016.
Efforts to Counter North Korea’s Cybercrime Tactics
In September 2022, cybersecurity firm SentinelOne warned about a fake job scam on LinkedIn called “Operation Dream Job,” where victims were offered positions at Crypto.com. Additionally, the United Nations has been working to curb North Korea’s cybercrime activities at the international level, as it is believed that the stolen funds are being used to support the country’s nuclear missile program.
Hot Take: North Korean Hacking Group Lazarus Unleashes New Stealthy Malware for Fake Job Scams
The Lazarus Group, a notorious hacking collective associated with North Korea, has developed a more sophisticated and harder-to-detect malware called LightlessCan. This new malware is used in their fake job scams, where victims are tricked into downloading malicious payloads disguised as job-related documents. LightlessCan mimics native Windows commands, allowing it to execute discreetly within the remote access Trojan (RAT) itself, making it challenging to detect by real-time monitoring solutions and digital forensic tools. The Lazarus Group recently targeted a Spanish aerospace firm using this new malware, emphasizing their motive of cyberespionage. Efforts are being made at the international level to counter North Korea’s cybercrime tactics, as they use stolen funds to support their nuclear missile program.