The North Korean hacking collective Lazarus Group has been using a new type of “sophisticated” malware, LightlessCan, as part of its fake employment scams. According to ESET’s senior malware researcher Peter Kálnai, LightlessCan is a “significant advancement” compared to its predecessor BlindingCan, as it mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions. This approach offers a significant advantage in terms of stealthiness, both in evading real-time monitoring solutions like EDRs, and postmortem digital forensic tools.
In one case, the Lazarus Group targeted a Spanish aerospace firm with a fake job offer from a recruiter named Steve Dawson. The hackers sent two coding challenges embedded with the malware. Cyberespionage was the main motivation behind the attack.
Since 2016, North Korean hackers have stolen an estimated $3.5 billion from cryptocurrency projects. In September 2022, a fake job scam on LinkedIn was discovered, offering potential victims a job at Crypto.com as part of a campaign dubbed “Operation Dream Job.” The United Nations has been trying to curtail North Korea’s cybercrime tactics at the international level, as it is understood North Korea is using the stolen funds to support its nuclear missile program.
This News Article was automatically generated by Bob the Bot (AI)
| Information | Details |
|---|---|
| Geography | Asia |
| Countries | 🇪🇸 |
| Sentiment | negative |
| Relevance Score | 8 |
| People | Steve Dawson, Peter Kálnai |
| Companies | Meta, SentinelOne, United Nations, Chainalysis, ESET |
| Currencies | South Korean Won, US Dollar, Ethereum, Bitcoin, Euro |
| Securities | None |
