Security News > 2020 > June > Aerospace, Military Hit in Ongoing Espionage Campaign Linked to North Korea
Organizations in the aerospace and military sectors were compromised in a highly targeted cyber-espionage campaign that shows a possible link to North Korean hackers, ESET reveals.
The threat actor behind these attacks remains unknown, but ESET believes it could be linked to the infamous North Korean state-sponsored group Lazarus, based on targeting, the use of fake LinkedIn accounts, development tools, and anti-analysis methods.
"The attacks we investigated showed all the signs of espionage, with several hints suggesting a possible link to the infamous Lazarus group. However, neither the malware analysis nor the investigation allowed us to gain insight into what files the attackers were aiming for," ESET researcher Dominik Breitenbacher comments.
WMI commands were likely used for lateral movement within the compromised environments, but the attackers removed deployed files from the hacked computers after moving to new systems.
"Our research into Operation In(ter)ception shows again how effective spearphishing can be for compromising a target of interest. [] Unafraid of direct contact, the attackers chatted with the victims to convince them to open malicious files. Once they succeeded, they had their initial foothold inside the victim companies," ESET notes.
News URL
Related news
- China, Russia, Iran, and North Korea Intelligence Sharing (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe (source)
- North Korea’s fake tech workers now targeting European employers (source)