DPRK Job Opportunity Phishing Via WhatsApp

January 18, 2023

Hackers from North Korea are using a job opportunity phishing technique to trick people into downloading malware via the messaging service WhatsApp. The scam uses fake job offers to lure unsuspecting employees into downloading the malware. Security firm Malwarebytes has reported a recent case of the scam. It appears that hackers approached staff at AstraZeneca with fake job offers.

Hackers pose as recruiters on networking site LinkedIn

The social networking website LinkedIn is a popular target for cyberattackers. Hackers have used the site to send fake job offers and to trick victims into installing malware.

In June, security researchers at Dell’s Cyber Threat Unit (CTU) found a network of fake LinkedIn profiles, which posed as recruiters. The attackers sent invitations to security researchers and to firms involved in the aerospace and defense industries.

The hackers also accessed the personal information of their targets through LinkedIn's private messaging function. They sent documents that were meant to look like job descriptions. The files contained malicious code that was designed to steal the victim’s login credentials.

Similarly, a North Korean hacking crew had also posed as recruiters on the popular social media platform. They had targeted drugmakers in recent weeks. However, their activity was denied by Pyongyang.

According to a report by SecureWorks, a technology firm that specializes in researching and analyzing the threats facing businesses, the group’s activities were “related to Cylance and other security companies.”

As a result of this investigation, the company announced a Cease-and-Desist letter to hiQ Labs, a third-party cybersecurity company. The company analyzed data and reported that dozens of fake accounts have been removed.

Hackers approach AstraZeneca staff with fake job offers

According to Reuters, suspected North Korean hackers approached AstraZeneca staff with fake job offers via messaging apps like WhatsApp and LinkedIn. These hackers were attempting to gain access to the company’s systems. They sent documents posing as job descriptions that contained malicious code.

The malware in the emails was designed to allow the attackers to enter the victim’s computer. Once the attackers were in, the malware allowed them to access and collect credentials.

To confuse the investigators, the hackers reportedly used email addresses that were registered to Russian addresses. The hacking effort was described as “unexpected” by Whitehall sources.

It appears that the attack was meant to steal research pertaining to AstraZeneca’s COVID-19 vaccine, which is being developed by the company with the University of Oxford. In addition, it could also help fight the global Coronavirus pandemic.

It is unclear whether the attack was successful. AstraZeneca did not comment on reports of the attack. However, the company is conducting additional clinical trials for its promising COVID-19 vaccine.

AstraZeneca is one of the top three companies focusing on developing a COVID-19 pandemic vaccine. It is working with the University of Oxford on a partnership that would allow the two organizations to accelerate the research.

North Korean phishers use social engineering tactics to spread malware

The North Korean military hacking group known as ZINC and the Lazarus hacking group have been leveraging social engineering tactics to distribute malware. The two groups used fake LinkedIn profiles to recruit tech professionals and IT support specialists for their campaigns. They also targeted media companies, media employees, defense and aerospace professionals, and technical support workers.

In the past, the Lazarus and ZINC groups have carried out similar campaigns. The former is alleged to have been behind the 2014 attack on Sony Pictures Entertainment in retaliation for the controversial film “The Interview.” The Lazarus hackers also targeted employees in the cryptocurrency industry.

The Lazarus group is known to use a variety of software to compromise targets’ systems. They have been using several tactics to lure victims to WhatsApp and other messaging apps to spread malware. They also posed as security researchers to steal sensitive information from their victims.

The Lazarus hacker group has been targeted by the US government in the past. In August, the US Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against the North Korean hackers. They were accused of stealing more than $50 million in crypto exchanges.

In September, Microsoft issued a report on social engineering attacks. The study discovered that the North Korean crew was posing as a cybersecurity specialist to lure cybersecurity researchers. In another incident, they impersonated a Google recruiter to attack an employee of the company.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

