- Aug 17, 2014
- 11,196
The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor.
The hackers utilized their ongoing "Operation Dreamjob" campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file. The employee did so on a company's computer, allowing the North Korean hackers to breach the corporate network to conduct cyber espionage.
ESET investigated the incident and could reconstruct the initial access and retrieve components of Lazarus' toolset, including a previously undocumented backdoor, which they named 'LightlessCan.'
New report from ESET researchers:
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
www.welivesecurity.com