Lazarus’ latest malware evades detection with new capabilities.

North Korean hacking collective, Lazarus Group, has been utilizing a new and more sophisticated type of malware in their fake employment scams. According to researchers at ESET, a publicly undocumented backdoor named LightlessCan was discovered during an analysis of a recent attack on a Spain-based aerospace company. This new payload is considered a significant advancement compared to its predecessor, BlindingCan, as it mimics the functionalities of native Windows commands, enabling discreet execution within the RAT itself. This approach makes it more challenging to detect, evading real-time monitoring solutions and postmortem digital forensic tools.

The Lazarus Group’s fake job scam involves luring victims with the promise of employment at a well-known company. Once enticed, victims are tricked into downloading a malicious payload disguised as documents. The new LightlessCan payload gains its stealth by executing commands within the RAT itself rather than spawning noisy console processes. It also incorporates “execution guardrails” so that the payload can only be decrypted on the intended victim’s machine, preventing unintended decryption by security researchers.
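To make the detection point concrete, here is an added example (not code from the article or from ESET's report) that runs a simple hunt over constructed process-creation log lines in a hypothetical `key=value|key=value` format. A backdoor that executes built-in commands by spawning a console host leaves a child `cmd.exe` under an unexpected parent, which this rule catches; a backdoor that emulates those commands inside its own process, as LightlessCan is described doing, produces no such event, so the rule finds nothing and defenders must rely on other telemetry. The file and process names are placeholders, and the log lines are constructed, not real telemetry.

```python
"""Added detection example; constructed log lines, hypothetical log format."""
from dataclasses import dataclass

# Console hosts whose creation by an unexpected parent is worth a look.
CONSOLE_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Parents from which a console is ordinarily expected (assumed baseline).
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "pwsh.exe",
                    "windowsterminal.exe", "services.exe"}


@dataclass
class ProcEvent:
    parent: str   # full path of the parent image
    image: str    # full path of the created image
    cmdline: str  # command line of the created process


def parse_line(line: str) -> ProcEvent:
    """Parse one 'parent=...|image=...|cmdline=...' line (hypothetical format)."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return ProcEvent(fields["parent"], fields["image"], fields["cmdline"])


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_console(ev: ProcEvent) -> bool:
    """True when a console host is spawned by a parent outside the baseline."""
    return (basename(ev.image) in CONSOLE_HOSTS
            and basename(ev.parent) not in EXPECTED_PARENTS)


def hunt(lines):
    """Return the events that match the noisy-console-execution pattern."""
    return [ev for ev in map(parse_line, lines) if suspicious_console(ev)]


# Constructed sample telemetry. 'coding_challenge_placeholder.exe' stands in
# for a payload delivered under the guise of a recruiter's coding test.
SAMPLE_LOG = [
    # Interactive shell opened by the user from Explorer: benign.
    r"parent=C:\Windows\explorer.exe|image=C:\Windows\System32\cmd.exe|cmdline=cmd.exe",
    # Legacy-style backdoor behaviour: a dropped binary spawns cmd.exe to
    # run a recon command. This is the event the rule is meant to catch.
    r"parent=C:\Users\dev\AppData\Local\Temp\coding_challenge_placeholder.exe"
    r"|image=C:\Windows\System32\cmd.exe|cmdline=cmd.exe /c ipconfig /all",
    # Normal service host creation: benign.
    r"parent=C:\Windows\System32\services.exe|image=C:\Windows\System32\svchost.exe"
    r"|cmdline=svchost.exe -k netsvcs",
    # The dropped binary itself starting. If it emulates commands in-process
    # (the LightlessCan approach), no child console event ever follows, so
    # suspicious_console() has nothing to match.
    r"parent=C:\Windows\explorer.exe"
    r"|image=C:\Users\dev\AppData\Local\Temp\coding_challenge_placeholder.exe"
    r"|cmdline=coding_challenge_placeholder.exe",
]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"console spawned by {basename(hit.parent)}: {hit.cmdline}")
```

On real systems the equivalent data comes from Sysmon process-creation events or an EDR's process telemetry rather than this hypothetical format; the lesson of the example is that once a backdoor stops spawning consoles, this class of rule goes quiet, and coverage has to shift to other sources such as network, API-level, or memory-based telemetry.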

One case involving the new malware occurred in 2022, when an employee at a Spanish aerospace firm received a message from a fake Meta recruiter named Steve Dawson. Soon after, the hackers sent two simple coding challenges with the malware embedded in them. The main motivation behind the Lazarus Group’s attack on the aerospace firm was cyberespionage.

It is important to note that North Korean hackers, including the Lazarus Group, have been involved in various cybercrimes, including stealing an estimated $3.5 billion from cryptocurrency projects since 2016. The funds obtained from these illicit activities are believed to support North Korea’s nuclear missile program. In response, the United Nations has been working to curtail North Korea’s cybercrime tactics at the international level.

These developments highlight the evolving sophistication of cybercriminals and the need for individuals and organizations to remain vigilant and take necessary precautions. As the tactics and techniques employed by hackers become more advanced, it is crucial to prioritize cybersecurity measures to protect sensitive data and prevent potential damage.
