Security News > 2020 > July > That job offer in your inbox might be part of a North Korean cyberattack
A wave of bogus job offer emails from leading aerospace and defense companies is actually a cybercrime campaign designed to harvest information about professionals in sensitive industries.
Discovered by McAfee Advanced Threat Research, the campaign appears to have begun in April 2020 and was detected until mid-June, and there are telltale signs that the campaign is being orchestrated by known North Korean hacking groups.
Hidden Cobra is a US Government umbrella term for North Korean threat groups Lazarus, Kimsuky, KONNI, and APT37, and like the campaigns in 2017 and 2019, this one has the apparent goal of "Gathering intelligence surrounding key military and defense technologies," ATR said.
The basis of the campaign is simple: Use legitimate job postings from leading defense contractors, turn them into fake job offers, and email them directly to aerospace and defense professionals who may be interested in that kind of position.
McAfee notes in its report that the campaign appears to be widening its targets, with examples being found of fake job offers at top animation companies and fake reports on US-Korean diplomatic relations targeting South Koreans.