Thursday, 17 July 2025
29.8 C
Singapore
30.2 C
Thailand
17.1 C
Indonesia
26.7 C
Philippines

Beware: Cyber attackers target the aerospace sector with fake job offers

Cybersecurity experts have uncovered a malware campaign targeting aerospace, with fake job offers linked to Iranian hackers imitating North Korean tactics.

Cybersecurity experts warn that hackers linked to the Iranian government are deploying malware in the guise of job offers, aiming to infiltrate the aerospace sector. A recent report by ClearSky Cyber Security reveals how this Iranian state-sponsored group, known as TA455, is targeting employees in aerospace, defence, and government sectors, especially in the United States, Middle East, and Europe. This cyber-espionage operation, called “Dream Job,” employs tactics that closely resemble those used by North Korean hacker groups, leaving researchers to speculate on possible collaboration or mimicry.

Hackers use fake job sites and profiles

ClearSky researchers have exposed the methods used by TA455 to deceive unsuspecting victims. The hackers set up fake recruitment websites and created fraudulent social media profiles, particularly on LinkedIn. These fake profiles are designed to lure targeted employees by offering enticing job opportunities.

Once the victim expresses interest, the hackers send job-related documents as part of the “onboarding process.” However, these documents carry a malicious file called SnailResin, a malware designed to breach the victim’s systems. SnailResin is a loader for a secondary malware called SlugResin, which allows hackers to exfiltrate data, maintain remote system control, and ensure ongoing access even after detection attempts.

Iranian hackers may be mimicking North Korea’s Lazarus Group

ClearSky has found the tactics used in “Dream Job” strikingly similar to those previously attributed to Lazarus, a notorious North Korean hacking group. Lazarus is infamous for targeting individuals with fake job offers, especially in the cryptocurrency and tech sectors. The resemblance has led researchers to speculate whether TA455 is copying Lazarus’s techniques to obscure its identity or whether the two groups might collaborate.

TA455, also known as Charming Kitten, shares traits with other Iranian cyber-espionage groups, such as APT35 and TA453. Linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), TA455 has a history of cyber-espionage in aerospace, defence, and government agencies. The group’s main objectives are to collect geopolitical intelligence and steal confidential information to be leveraged for strategic advantage.

ClearSky’s analysis suggests that TA455 deliberately impersonates Lazarus’s style or that North Korean and Iranian groups share malware and tactics. Researchers have not reached a definitive conclusion but believe TA455 might use resemblance as a disguise.

Protect yourself from fake job offers

This “Dream Job” campaign serves as a timely reminder of the risks associated with unsolicited job offers, especially those from unfamiliar sources. The “too good to be true” approach often indicates potential deception, as attackers increasingly use enticing offers to trick targets into unknowingly compromising their data security.

Experts recommend verifying the legitimacy of job offers and being cautious about downloading files, especially from unknown senders. If you’re considering a job offer from an unfamiliar recruiter, take steps to authenticate the source and confirm their identity. Cybersecurity vigilance is key to protecting sensitive information from prying hackers.

Hot this week

Microsoft will stop new Office 365 features on Windows 10 in 2026

Microsoft will stop new Microsoft 365 features for Windows 10 users starting August 2026, with full support ending by early 2027.

Indonesia launches national AI Centre of Excellence with Indosat, Cisco and NVIDIA

Indonesia launches AI Centre of Excellence with Indosat, Cisco and NVIDIA to boost AI access, talent development and digital sovereignty.

Inside the AI-native startup boom transforming healthcare, finance, logistics, and education in Asia

AI-first startups in APAC are transforming core industries by redefining business models, boosting efficiency, and opening new market opportunities.

NTT DC REIT makes quiet debut following Singapore’s biggest IPO in four years

NTT DC REIT debuts on SGX after raising US$773M in Singapore’s biggest IPO in 4 years, amid a growing wave of new listings.

Microsoft’s Copilot Vision AI can now view your entire screen

Microsoft’s Copilot Vision now sees your entire screen, offering live help and insights through desktop or mobile in real-time.

Grok chatbot now barred from referencing Elon Musk or calling itself Hitler, says xAI

Grok chatbot no longer allowed to reference Elon Musk or call itself Hitler, as xAI enforces new rules to stop offensive replies.

Tenable uncovers remote code execution flaw in Oracle Cloud Code Editor

Tenable discovered an RCE flaw in Oracle Cloud Code Editor that allowed attackers to exploit Cloud Shell; the issue has since been fixed.

Garmin introduces Descent S1 buoy to enhance dive communication and safety

Garmin launches the Descent S1 Buoy in Singapore to improve diver tracking, messaging and safety through advanced sonar technology.

Salesforce expands Hyperforce services in Indonesia with local data residency

Salesforce brings local data residency and AI-driven services to Indonesia with the expansion of Hyperforce and new platform tools.

Related Articles

Popular Categories