The North Korea-linked Lazarus Group recently deployed a highly sophisticated new malware variant, known as "LightlessCan", in its fake job-offer campaigns. This latest development is markedly harder to detect than its predecessor.

On the 29th of September, Peter Kálnai, a senior malware researcher at ESET, published the findings after analysing a fake job-offer attack directed at a prominent Spanish aerospace company.

The Lazarus Group typically follows a well-established modus operandi: it lures victims with attractive employment prospects at well-known firms, then leads them into downloading malicious payloads disguised as legitimate documents.

LightlessCan, however, marks a notable advancement over its predecessor, BlindingCan. According to Kálnai, LightlessCan can mimic a range of native Windows commands and run them discreetly from within the Remote Access Trojan (RAT) itself, instead of spawning them as separate console processes.

Because far fewer console executions appear on the system, this added stealth makes the malware considerably harder to identify, both for real-time monitoring solutions such as EDRs and for post-mortem digital forensics tools.
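To make the detection gap concrete, the following added example (not code from the article or from ESET's report) runs a conventional EDR-style rule over two constructed, Sysmon-like process-creation event sets: one for a classic RAT that spawns Windows console tools, and one for a RAT that, as described above, reproduces the same functionality in-process. The event records, process names and the rule itself are illustrative assumptions.

```python
"""Illustration of why in-process command emulation evades console-spawn rules.

Constructed telemetry only: none of these events come from a real incident.
"""
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent: str    # image name of the parent process
    image: str     # image name of the created process
    cmdline: str   # command line of the created process


# Native Windows console tools a RAT would normally launch through cmd.exe.
CONSOLE_TOOLS = {
    "cmd.exe", "powershell.exe", "net.exe", "ipconfig.exe",
    "systeminfo.exe", "tasklist.exe", "whoami.exe", "netstat.exe",
}

# Parents from which a console tool is routinely and legitimately started.
BENIGN_SHELL_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe"}


def console_spawn_hits(events):
    """Classic EDR-style rule: a console tool created by a parent that is
    not itself a shell (e.g. a trojanised document viewer) is suspicious."""
    return [
        e for e in events
        if e.image.lower() in CONSOLE_TOOLS
        and e.parent.lower() not in BENIGN_SHELL_PARENTS
    ]


def simulated_telemetry(in_process: bool):
    """Build the process-creation events a defender would see for a
    trojanised 'challenge' binary (hypothetical name: Quiz1.exe).

    in_process=False: the RAT shells out for reconnaissance (old style).
    in_process=True:  the RAT performs the same recon internally, so only
                      the initial process start is ever recorded.
    """
    events = [ProcessEvent("explorer.exe", "Quiz1.exe", "Quiz1.exe")]
    if not in_process:
        events += [
            ProcessEvent("Quiz1.exe", "cmd.exe", "cmd.exe /c whoami"),
            ProcessEvent("Quiz1.exe", "cmd.exe", "cmd.exe /c ipconfig /all"),
            ProcessEvent("Quiz1.exe", "cmd.exe", "cmd.exe /c tasklist"),
        ]
    return events


def detection_summary():
    """Return (hits for console-spawning RAT, hits for in-process RAT)."""
    legacy = len(console_spawn_hits(simulated_telemetry(in_process=False)))
    stealthy = len(console_spawn_hits(simulated_telemetry(in_process=True)))
    return legacy, stealthy


if __name__ == "__main__":
    legacy, stealthy = detection_summary()
    print(f"console-spawning RAT: {legacy} rule hits")   # 3
    print(f"in-process RAT:       {stealthy} rule hits") # 0
```

The second scenario yields no hits at all, which is the point the researchers make: when the commands never leave the RAT's own process, telemetry based on child-process creation is blind, and defenders must lean on what the RAT process itself still exposes (its network connections, file writes and loaded modules) rather than on the familiar cmd.exe pattern.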

Sophisticated Tactics of the Lazarus Group and Their Targets


Furthermore, the new malware incorporates "execution guardrails", designed so that only the intended victim's machine can decrypt the payload, thereby thwarting decryption attempts by security analysts on any other system.

A confirmed instance of this new malware involved a Spanish aerospace company. In 2022, an employee was contacted by a fake Meta recruiter operating under the alias Steve Dawson. The attackers then sent two coding challenges in which the malware was concealed.

The primary motive of the Lazarus Group's attack on the Spanish aerospace company was cyber-espionage.

Remarkably, North Korean hackers have been credited with stealing approximately $3.5 billion from cryptocurrency ventures since 2016, according to a report published by blockchain forensics firm Chainalysis on the 14th of September.

Recent Cybersecurity Incidents and International Responses

Additionally, in September 2022, the cybersecurity company SentinelOne issued a warning about a fake job scam on the professional network LinkedIn. It was part of a campaign known as "Operation Dream Job", which dangled tempting positions at Crypto.com in front of potential victims.

Concurrently, the United Nations has been working to curb North Korea's cybercrime strategies internationally, driven by suspicions that the stolen funds help finance the North Korean nuclear and missile programme.

This ongoing effort underscores the far-reaching implications of cyberattacks orchestrated by groups such as Lazarus.
