Beware of fake Meta job alerts - it could be North Korean hackers

Lazarus, a North Korean hacker group, poses as Meta recruiters on LinkedIn to scam a Spanish aerospace firm.

  (photo credit: Istockphoto)
(photo credit: Istockphoto)

In a recent cyberattack, operatives of North Korea's Lazarus Group successfully infiltrated the network of a Spanish aerospace company.

They reached out to the company's employees via LinkedIn's messaging service, disguising themselves as legitimate recruiters from Meta, and presented them with two deceptive "coding challenges" as part of a fake hiring process. The company employees fell for the ruse, leading to the inadvertent download of the LightlessCan malware onto their devices.

LightlessCan, categorized as a Remote Access Trojan (RAT), provides hackers with the ability to control the target computer discreetly.

This insidious malware granted Lazarus operatives unrestricted access to the employees' devices, enabling them to pilfer sensitive information. The breach came to light when an employee of the Spanish company discovered the malware on their device and promptly reported it to the cybersecurity firm ESET, who then investigated and unveiled the true nature of the attack.

North Korean cyber espionage

Credit: INGIMAGE
Credit: INGIMAGE

ESET successfully identified the Lazarus Group as the culprits, with it being part of the Operation DreamJob cyber campaign, primarily focused on cyber espionage.

This case serves as a stark reminder of the critical need for heightened information security awareness among company employees, particularly when utilizing social media platforms for professional purposes.

It underscores the fact that even recruiters from renowned companies can be impersonated by highly sophisticated attackers.