Cybercriminals targeting security researchers, media organisations with malware using fake jobs on LinkedIn

Suspected North-Korean hacking group is targeting security researchers, media organisations with a new malware via fake job offer on LinkedIn  

Published - March 11, 2023 02:06 pm IST

Suspected North-Korean hacking group is targeting security researchers, media organisations with spear-phishing tactics on LinkedIn. | Photo Credit: Reuters

A suspected North-Korean hacking group is targeting security researchers and media organisations in the U.S. and Europe using fake job offers on LinkedIn.

Spear-phishing tactics that use job recruitment themes are being used to deploy three new custom malware families, Touchmove, Sideshow and Touchshift, a blog post from Mandiant said.

Cybercriminals start the attack by approaching targets on LinkedIn, posing as job recruiters, and then switch over to WhatsApp to share a Word document embedded with malware.

This malware is designed to perform remote-template injection, which can fetch malicious code from compromised WordPress sites that the attackers use as command and control servers. That code is then used to establish a foothold for a payload that disguises itself as a legitimate Windows binary, which in turn is used to load a backdoor called TouchShot onto victims’ devices.

Attackers are using the tactic to perform arbitrary code execution, modify the registry, manipulate firewall settings, add scheduled tasks, and execute additional payloads.

In cases where victims’ devices were connected to organisations that did not use a VPN, threat actors were found abusing Microsoft Intune to launch further attacks.

The identified tools highlight the continued deployment of new malware by the threat actors. “Although the group has previously targeted defense, media, and technology industries, the targeting of security researchers suggests a shift in strategy or an expansion of its operations”, the post said.
