Tuesday, 8 July 2025
28 C
Singapore
28.7 C
Thailand
18.8 C
Indonesia
28.6 C
Philippines

Beware: Cyber attackers target the aerospace sector with fake job offers

Cybersecurity experts have uncovered a malware campaign targeting aerospace, with fake job offers linked to Iranian hackers imitating North Korean tactics.

Cybersecurity experts warn that hackers linked to the Iranian government are deploying malware in the guise of job offers, aiming to infiltrate the aerospace sector. A recent report by ClearSky Cyber Security reveals how this Iranian state-sponsored group, known as TA455, is targeting employees in aerospace, defence, and government sectors, especially in the United States, Middle East, and Europe. This cyber-espionage operation, called “Dream Job,” employs tactics that closely resemble those used by North Korean hacker groups, leaving researchers to speculate on possible collaboration or mimicry.

Hackers use fake job sites and profiles

ClearSky researchers have exposed the methods used by TA455 to deceive unsuspecting victims. The hackers set up fake recruitment websites and created fraudulent social media profiles, particularly on LinkedIn. These fake profiles are designed to lure targeted employees by offering enticing job opportunities.

Once the victim expresses interest, the hackers send job-related documents as part of the “onboarding process.” However, these documents carry a malicious file called SnailResin, a malware designed to breach the victim’s systems. SnailResin is a loader for a secondary malware called SlugResin, which allows hackers to exfiltrate data, maintain remote system control, and ensure ongoing access even after detection attempts.

Iranian hackers may be mimicking North Korea’s Lazarus Group

ClearSky has found the tactics used in “Dream Job” strikingly similar to those previously attributed to Lazarus, a notorious North Korean hacking group. Lazarus is infamous for targeting individuals with fake job offers, especially in the cryptocurrency and tech sectors. The resemblance has led researchers to speculate whether TA455 is copying Lazarus’s techniques to obscure its identity or whether the two groups might collaborate.

TA455, also known as Charming Kitten, shares traits with other Iranian cyber-espionage groups, such as APT35 and TA453. Linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), TA455 has a history of cyber-espionage in aerospace, defence, and government agencies. The group’s main objectives are to collect geopolitical intelligence and steal confidential information to be leveraged for strategic advantage.

ClearSky’s analysis suggests that TA455 deliberately impersonates Lazarus’s style or that North Korean and Iranian groups share malware and tactics. Researchers have not reached a definitive conclusion but believe TA455 might use resemblance as a disguise.

Protect yourself from fake job offers

This “Dream Job” campaign serves as a timely reminder of the risks associated with unsolicited job offers, especially those from unfamiliar sources. The “too good to be true” approach often indicates potential deception, as attackers increasingly use enticing offers to trick targets into unknowingly compromising their data security.

Experts recommend verifying the legitimacy of job offers and being cautious about downloading files, especially from unknown senders. If you’re considering a job offer from an unfamiliar recruiter, take steps to authenticate the source and confirm their identity. Cybersecurity vigilance is key to protecting sensitive information from prying hackers.

Hot this week

Tools for Humanity: Why Southeast Asia is shaping the future of humanness in the Age of AI

Southeast Asia is pioneering the future of digital identity with World ID, offering private, secure, and human-first verification at scale.

Union Gas Holdings boosts operational resilience with Lenovo infrastructure upgrade

Union Gas Holdings upgrades to Lenovo ThinkSystem infrastructure to ensure round-the-clock energy delivery and improve IT performance across Singapore.

Microsoft to exit Pakistan after 25 years, shifting to reseller model

Microsoft ends its 25-year presence in Pakistan, shifting to a reseller model amid global cuts and broader industry challenges.

Best travel cameras in 2025 for every kind of traveller

Compare the best travel cameras in 2025 for every style and budget—from compact point-and-shoots to mirrorless powerhouses built for photography on the go.

China to invest in Brazil-led global forest fund, signalling shift in climate finance

China may invest in Brazil's global forest fund, signalling a shift in climate finance and broader support from emerging economies.

Huawei defends AI model amid claims of using third-party code

Huawei denies using third-party models to train its latest AI, despite claims from a whistleblower and rising competition in China's tech sector.

AI will make cyber defence harder unless you think like a hacker

Cyber experts warn that AI is making cyber attacks smarter, urging firms to adopt a hacker mindset and prepare through simulations.

Persona 5: The Phantom X finally arrives in Southeast Asia

Persona 5: The Phantom X launches in Southeast Asia with a fresh story, fan-favourite characters, and a special event running until July 31.

TikTok may dodge US ban with new app and ownership deal

TikTok could avoid a US ban with the launch of a new app on September 5 and a possible sale to non-Chinese investors, including Oracle.

Related Articles

Popular Categories