"Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job"

The Lazarus Group, a notorious state-sponsored threat actor with ties to North Korea, has been linked to a new campaign targeting Linux users. According to a new report by ESET, the attacks are part of a persistent and long-running activity known as Operation Dream Job. The findings mark the first instance of the group using Linux malware as part of this social engineering scheme. Operation Dream Job, also known as DeathNote or NukeSped, refers to multiple attack waves in which the group uses fraudulent employment offers as an enticement to convince unsuspecting targets to download malware. In addition, there are overlaps with two other Lazarus clusters called Operation In(ter)ception and Operation North Star. Similarly, the attack chain discovered by ESET delivers a fake HSBC job offer as a decoy within a ZIP archive file, which is then used to initiate a Linux backdoor named SimplexTea distributed via an OpenDrive cloud storage account. This article continues to discuss the Lazarus Group's new campaign against Linux users.  

THN reports "Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job"