Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Lazarus gang targets engineers with job offers using poisoned emails
  • Cyber Attacks
  • Data Breach
  • Malware

Lazarus gang targets engineers with job offers using poisoned emails

5 years ago Graham Cluley
Lazarus gang targets engineers with job offers using poisoned emails

Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defence industry.

In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defence contractors in the United States and Europe.

Attached to the emails are Word documents containing macros that plant malicious code onto a victim’s computer, and make changes to the targeted computer’s settings in an attempt to avoid detection.

According to security researchers, the attacks carry the hallmarks of being the work of the notorious Lazarus Group, a North Korean-linked hacking gang that has been blamed for the 2014 attack on Sony Pictures, and the theft of $81 million from the Bank of Bangladesh in 2016, amongst other attacks.

Since May, emails believed to have been sent by the Lazarus Group have targeted victims by posing as engineering opportunities from the likes of Airbus, General Motors, and military contractor Rheinmetall.

Microsoft Office correctly warns the recipient upon opening the poisoned document that it has disabled macro content, but because the email pretends to offer a career opportunity the attackers are banking on recipients overriding the security warning, and allowing the malicious code to execute.

Sometimes the poisoned documents even have the gall to claim that they are “protected” – as if in an attempt to reassure the recipient that the job offer communication is private – in an attempt to trick a user into feeling comfortable enabling the dangerous macro content.

Previous malware campaigns have attempted to trick victims with job opportunities at Boeing and BAE systems.

The security researchers report that the Lazarus Group have refined their attacks over time, making changes to their attacks in an attempt to avoid detection. Many of the attacks have seen the renaming of the Certutil and Explorer system tools to hide the attackers’ activities.

Of course, if the hackers succeed in planting their malware on an engineer’s computer they could easily spy upon any work being done on the PC, snoop upon communications, steal intellectual property as well as databases, and passwords, and look to launch further attacks against others.

The post ” Lazarus gang targets engineers with job offers using poisoned emails” appeared first on TripWire

Source:TripWire – Graham Cluley

Tags: Encryption, Finance, Microsoft, TripWire

Continue Reading

Previous Critical Flaws Reported in Sage X3 Enterprise Management Software
Next How Fake Accounts and Sneaker-Bots Took Over the Internet

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

4 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

5 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

7 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

How Samsung Knox Helps Stop Your Network Security Breach

8 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

10 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Data Breach
  • Vulnerabilities

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

13 hours ago [email protected] (The Hacker News)

Recent Posts

  • China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
  • CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
  • Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
  • How Samsung Knox Helps Stop Your Network Security Breach
  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT