Once again, Lazarus, a notorious organization of cybercriminals based in North Korea, has been involved in another phishing campaign. The latest report indicated that this advanced persistent threat (APT) group attacked applicants applying to Lockheed Martin.
North Korean Hackers Pretends to be Lockheed Martin
A notorious North Korean group of hackers, Lazarus attacked job applicants by impersonating aerospace company Lockheed Martin.
According to a report by ZDNET, the state-backed cybercrime group was spotted in another campaign, wherein it uses Lockheed Martin to victimize job applicants. Akshat Pradhan, the Senior Engineer of Threat Research in Qualys, uncovered the information on Tuesday, Feb. 8.
As background information, Lazarus has been well-known for carrying out attacks with huge impacts. Since it was believed to be a state-sponsored group, spending money for the operations was not a problem.
In the past, the North Korean hackers were said to be the masterminds behind the WannaCry ransomware attack, which stole $80 million from the Bangladesh Central Bank in 2017, according to Tech Times.
Similarly, it also targeted BAE Systems and even Northrop Grumman. This time, it delivers fake documents to job seekers. These documents contain phishing scripts to compromise the system of the victims.
If ever you receive the document, it will be named Lockheed_Martin_JobOpportunities.docx and Salary_Lockheed_Martin_job_opportunities_confidential.doc. Upon sending it to the system, it will automatically make Scheduled tasks and prompt control flow hijacking.
Related Article: Kronos Ransomware Attack Stole Data of 6,632 Individuals Including Social Security Numbers from Puma Employees: No Consumers Compromised?
What's Inside the Phishing Emails or Document
In a similar news report, Qualys identified that the system hack affected Living Off the Land Binaries or LOLBins. The error will be returned immediately when a payload appears through the scripts.
The California-based cloud security firm has not yet recognized the final goal of the malware package in the incident.
"We attribute this campaign to Lazarus as there is significant overlap in the macro content, campaign flow, and phishing themes of our identified variants as well as older variants that have been attributed to Lazarus by other vendors," Pradhan said.
Lazarus is not a stranger to attacks related to job offers. Previously, the North Korean hackers were able to send misleading emails, which turned out to be malicious job offers. This campaign hit a crypto-centered organization.
Lazarus Cybercrminals Delivers Malicious Code on Windows
Bleeping Computer wrote that the infamous North Korean cybercriminals had compromised Windows systems by deploying malware in late January. Upon opening the infected attachments, the victim will be directed to a suspicious Windows/System32 folder.
In another report, Russia's FSB seized 14 members of the dangerous cybercrime gang REvil in the same month. According to Tech Times, the authorities had chased the culprits in at least 25 addresses across Moscow. Moreover, the federal security agents retrieved 20 luxury cars, computers, crypto wallets, $600,000, and over $426 million rubbles, or nearly $5.5 million at that time.
Read Also: Sugar Ransomware-as-a-Service Operations Target Individual Devices With Low Ransom Demands
This article is owned by Tech Times
Written by Joseph Henry
