"Lazarus Hackers Target Engineers Using Malware-Laced Job Ads"
Researchers at AT&T Cybersecurity have discovered a new phishing campaign that is targeting engineering applicants and employees in classified engineering roles across the U.S. and Europe. They revealed that the Lazarus hacking group is behind the new phishing campaign. Between May and June 2021, Twitter users identified several malicious documents attempting to impersonate new defense contractors and engineering companies such as Airbus, General Motors (GM), and Rheinmetall. All of these documents were found to contain macro malware, which was altered from one target to another over the course of the campaign. The first two documents, identified in early May 2021, relate to Rheinmetall, a German engineering company focused on the automotive and defense industries. A similar document targeting General Motors had minor updates in the Command and Control (C&C) communication process. Another malicious document targeting Airbus had different execution and injection processes. Researchers warn that the new activity is in line with the Lazarus group's campaigns and will not be the last. Lazarus continues to use the same tactics, techniques, and procedures (TTPs), such as using Microsoft Office documents that can download remote templates, leveraging compromised third-party infrastructure to host the payloads, and more. This article continues to discuss the researchers' findings surrounding the Lazarus group's new phishing campaign against engineers.
ITPro reports "Lazarus Hackers Target Engineers Using Malware-Laced Job Ads"