Security News > 2023 > April > Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users.
The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today.
Operation Dream Job, also known as DeathNote or NukeSped, refers to multiple attack waves wherein the group leverages fraudulent job offers as a lure to trick unsuspecting targets into downloading malware.
The attack chain discovered by ESET is no different in that it delivers a fake HSBC job offer as a decoy within a ZIP archive file that's then used to launch a Linux backdoor named SimplexTea distributed via an OpenDrive cloud storage account.
ESET said it identified commonalities between artifacts used in the Dream Job campaign and those unearthed as part of the supply chain attack on VoIP software developer 3CX that came to light last month.
The findings not only strengthen the existing link between Lazarus Group and the 3CX compromise, but also demonstrates the threat actor's continued success with staging supply chain attacks since 2020.
News URL
https://thehackernews.com/2023/04/lazarus-group-adds-linux-malware-to.html
Related news
- Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)