Lazarus Attack on Spanish Aerospace Company Started with Messages from Phony Meta Recruiters

A recent attack on an undisclosed Spanish aerospace company started with messages to the company's employees that appeared to come from Meta recruiters, sent via LinkedIn Messaging. ESET researchers uncovered the attack and attributed it to the Lazarus group, specifically to a campaign dubbed Operation DreamJob. This campaign by the Lazarus group was aimed at defense and aerospace companies with the goal of carrying out cyberespionage.

Initial messages sent to the aerospace company's employees claimed to be from a recruiter for Meta. They started with a friendly tone from the very beginning, a tactic designed to get victims to let their guards down:


Source: ESET

Subsequent messages to some victims included an attacker-provided, trojanized PDF viewer to view the full job offer, while others were encouraged to connect with a trojanized SSL/VPN client, being provided with an IP address and login details, under the guise of proving their C++ programming language abilities.

Two coding challenges were sent as a part of the supposed hiring process. The initial challenge consists of a straightforward project that displays the phrase "Hello, World!" while the second challenge prints a Fibonacci sequence - a series of numbers where each number is the sum of the two numbers that came before it. 

These "challenges" delivered malicious payloads to the victims, including a sophisticated remote access trojan (RAT) that ESET calls LightlessCan. This new RAT mimics a set of native Windows commands, allowing it to execute them undetected. Lazarus also made sure the payload would only be encrypted on the specific victim's machine to limit its exposure.

This isn't the first time we've seen employees get duped by cybercriminals posing as recruiters, and it won't be the last. New school security awareness training can help employees learn to recognize and fend off malicious activity designed to lure job-seekers.
