DPRK Job Opportunity Phishing Via WhatsApp

January 18, 2023

Hackers from North Korea are using a DPRK job opportunity phishing technique to trick people into downloading malware via the messaging service WhatsApp. The scam uses fake job offers to lure unsuspecting employees into downloading the malware. Security firm Malwarebytes has reported a recent case of the scam. It appears that hackers approached staff at AstraZeneca with fake job offers.

Hackers pose as recruiters on networking site LinkedIn

The social networking website LinkedIn is a popular target for cyberattackers. Hackers have used the site to send fake job offers and to trick victims into installing malware.

In June, security researchers at Dell’s Cyber Threat Unit (CTU) found a network of fake LinkedIn profiles, which posed as recruiters. The attackers sent invitations to security researchers and to firms involved in aerospace and defense industries.

The hackers also accessed the personal information of their targets through a LinkedIn-specific feature called a private messaging function. They sent documents that were meant to look like job descriptions. The files contained malicious code that was designed to steal the victim’s login credentials.

Similarly, a North Korean hacking crew had also posed as recruiters on the popular social media platform. They had targeted drugmakers in recent weeks. However, their activity was denied by Pyongyang.

According to a report by SecureWorks, a technology firm that specializes in researching and analyzing the threats facing businesses, the group’s activities were “related to Cylance and other security companies.”

As a result of this investigation, the company announced a Cease-and-Desist letter to hiQ Labs, a third-party cybersecurity company. The company analyzed data and reported that dozens of fake accounts have been removed.

Hackers approach AstraZeneca staff with fake job offers

According to Reuters, suspected North Korean hackers approached AstraZeneca staff with fake job offers via messaging apps like WhatsApp and LinkedIn. These hackers were attempting to gain access to the company’s systems. They sent documents posing as job descriptions that contained malicious code.

The malware in the emails was designed to allow the attackers to enter the victim’s computer. Once the hackers were able to get into the victim’s computer, the malware allowed them to access and collect credentials.

To confuse the investigators, the hackers reportedly used email addresses that were registered to Russian addresses. The hacking effort was described as “unexpected” by Whitehall sources.

It appears that the attack was meant to steal research pertaining to AstraZeneca’s COVID-19 vaccine, which is being developed by the company with the University of Oxford. In addition, it could also help fight the global Coronavirus pandemic.

It is unclear whether the attack was successful. AstraZeneca did not comment on reports of the attack. However, the company is conducting additional clinical trials for its promising COVID-19 vaccine.

AstraZeneca is one of the top three companies focusing on developing a COVID-19 pandemic vaccine. It is working with the University of Oxford on a partnership that would allow the two organizations to accelerate the research.

North Korean phishers use social engineering tactics to spread malware

The North Korean military hacking group known as ZINC and the Lazarus hacking group have been leveraging social engineering tactics to distribute malware. The two groups used fake LinkedIn profiles to recruit tech professionals and IT support specialists for their campaigns. They also targeted media companies, media employees, defense and aerospace professionals, and technical support workers.

In the past, the Lazarus and ZINC groups have carried out similar campaigns. The former is alleged to have been behind the attack on Sony Pictures Entertainment in 2014, in retaliation for the controversial film “The Interview.” The Lazarus hackers also targeted employees in the crypto-currency industry.

The Lazarus group is known to use a variety of software to compromise targets’ systems. They have been using several tactics to lure victims to WhatsApp and other messaging apps to spread malware. They also posed as security researchers to steal sensitive information from their victims.

The Lazarus hacker group has been targeted by the US government in the past. In August, the US Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against the North Korean hackers. They are accused of stealing more than $50 million in crypto exchanges.

In September, Microsoft issued a report on social engineering attacks. The study discovered that the North Korean crew was posing as a cybersecurity specialist to lure cybersecurity researchers. In another incident, they impersonated a Google recruiter to attack an employee of the company.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.
