Lazarus Targets Job-Seeking Engineers with Malicious Documents
Quote: The notorious Lazarus advanced persistent threat (APT) group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates.
 
Researchers have been tracking Lazarus activity for months with engineering targets in the United States and Europe, according to a report published online by AT&T Alien Labs.
 
According to the report’s author, Fernando Martinez, emails sent to prospective engineering candidates by the APT purport to be from known defense contractors Airbus, General Motors (GM) and Rheinmetall.
 
Attached to the emails are Windows documents containing macro-based malware, “which has been developed and improved during the course of this campaign and from one target to another,” Martinez wrote.
 
“The core techniques for the three malicious documents are the same, but the attackers attempted to reduce the potential detections and increase the faculties of the macros,” he wrote.
 
The campaign is just the latest by Lazarus that targets the defense industry. In February, researchers linked a 2020 spear phishing campaign to the APT that aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle.
 
Indeed, with its use of Microsoft Office Macros and compromised third-party infrastructure for communications, the latest attacks have Lazarus written all over them, remaining “in line with the Lazarus’ past campaigns,” Martinez wrote.
 
“Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution,” he wrote. “We continue to see Lazarus using the same tactic, techniques, and procedures that we have observed in the past.”

Read more: Lazarus Targets Job-Seeking Engineers with Malicious Documents | Threatpost