Sunday, 19 January 2025
25.9 C
Singapore

Beware: Cyber attackers target the aerospace sector with fake job offers

Cybersecurity experts have uncovered a malware campaign targeting aerospace, with fake job offers linked to Iranian hackers imitating North Korean tactics.

Cybersecurity experts warn that hackers linked to the Iranian government are deploying malware in the guise of job offers, aiming to infiltrate the aerospace sector. A recent report by ClearSky Cyber Security reveals how this Iranian state-sponsored group, known as TA455, is targeting employees in aerospace, defence, and government sectors, especially in the United States, Middle East, and Europe. This cyber-espionage operation, called “Dream Job,” employs tactics that closely resemble those used by North Korean hacker groups, leaving researchers to speculate on possible collaboration or mimicry.

Hackers use fake job sites and profiles

ClearSky researchers have exposed the methods used by TA455 to deceive unsuspecting victims. The hackers set up fake recruitment websites and created fraudulent social media profiles, particularly on LinkedIn. These fake profiles are designed to lure targeted employees by offering enticing job opportunities.

Once the victim expresses interest, the hackers send job-related documents as part of the “onboarding process.” However, these documents carry a malicious file called SnailResin, a malware designed to breach the victim’s systems. SnailResin is a loader for a secondary malware called SlugResin, which allows hackers to exfiltrate data, maintain remote system control, and ensure ongoing access even after detection attempts.

Iranian hackers may be mimicking North Korea’s Lazarus Group

ClearSky has found the tactics used in “Dream Job” strikingly similar to those previously attributed to Lazarus, a notorious North Korean hacking group. Lazarus is infamous for targeting individuals with fake job offers, especially in the cryptocurrency and tech sectors. The resemblance has led researchers to speculate whether TA455 is copying Lazarus’s techniques to obscure its identity or whether the two groups might collaborate.

TA455, also known as Charming Kitten, shares traits with other Iranian cyber-espionage groups, such as APT35 and TA453. Linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), TA455 has a history of cyber-espionage in aerospace, defence, and government agencies. The group’s main objectives are to collect geopolitical intelligence and steal confidential information to be leveraged for strategic advantage.

ClearSky’s analysis suggests that TA455 deliberately impersonates Lazarus’s style or that North Korean and Iranian groups share malware and tactics. Researchers have not reached a definitive conclusion but believe TA455 might use resemblance as a disguise.

Protect yourself from fake job offers

This “Dream Job” campaign serves as a timely reminder of the risks associated with unsolicited job offers, especially those from unfamiliar sources. The “too good to be true” approach often indicates potential deception, as attackers increasingly use enticing offers to trick targets into unknowingly compromising their data security.

Experts recommend verifying the legitimacy of job offers and being cautious about downloading files, especially from unknown senders. If you’re considering a job offer from an unfamiliar recruiter, take steps to authenticate the source and confirm their identity. Cybersecurity vigilance is key to protecting sensitive information from prying hackers.

Hot this week

Money20/20 Asia whitepaper reveals the future of fintech in APAC

Money20/20 Asia whitepaper explores APAC fintech growth, highlighting digital payments, blockchain, embedded finance, and financial inclusion trends.

Samsung Galaxy S25 colours leak ahead of launch

Samsung Galaxy S25 leaks reveal eight stunning colours and confirm Galaxy Unpacked on January 22. Full details on models, shades, and more.

French startups see stable funding as AI drives growth

France's startup funding remains stable in 2024, with AI driving 27% of investments despite challenges like lower U.K. investments and bankruptcies.

More applicants but harder to hire: LinkedIn highlights hiring challenges in 2025

LinkedIn's 2025 research highlights hiring struggles in APAC, driven by a skills mismatch, rising AI demands, and new tools to address these challenges.

China may allow Elon Musk to acquire TikTok’s US division

China may consider selling TikTok US to Elon Musk if the app is banned. ByteDance ownership remains preferred but uncertain.

ASUS introduces ProArt Display 5K PA27JCV for creative professionals

ASUS unveils the ProArt Display 5K PA27JCV, a 27-inch monitor offering 5K resolution, Delta E<2 colour accuracy, and advanced features for creators.

Character AI tests games on its platform to boost user engagement

Character AI introduces games to its platform to boost user engagement and enhance its entertainment offerings.

Canoo files for bankruptcy, ending seven years of EV innovation

Canoo, a seven-year-old EV startup, filed for bankruptcy and ceased operations after failing to secure funding.

Perplexity acquires Read.cv, a professional networking platform

Perplexity acquires professional networking platform Read.cv, ending its operations. Users can export data until May 16 as domains shift to Hello.cv.