Lazarus Impersonated Meta Recruiter to Breach Spanish Aerospace Firm

Cyber Security Threat Summary:
The Lazarus APT, associated with North Korea, gained access to a Spanish aerospace company's network through a spearphishing campaign in which the attackers posed as a recruiter for Meta (the parent company of Facebook, Instagram, and WhatsApp). Their ultimate objective was cyberespionage. The attacker reached out to the victim via LinkedIn Messaging and sent coding challenges as part of a fake hiring process; the victim downloaded and executed them on a company device. The attack involved a sophisticated remote access trojan (RAT) called LightlessCan, which mimics native Windows commands to make its activity stealthier. Lazarus also used execution guardrails to prevent decryption on unintended machines. While LightlessCan supports numerous commands, only a subset was implemented in the current version. Aerospace companies are frequently targeted by North Korean APT groups, given the nation's interest in missile technology.

Security Officer Comments:
Social engineering played a pivotal role in this attack as the Lazarus APT group used impersonation tactics to masquerade as a trusted source, a Meta recruiter. By contacting the victim through LinkedIn Messaging and posing as a legitimate recruiter, they lured the victim into downloading and executing malicious code. This level of impersonation and manipulation is a classic social engineering technique, exploiting trust and familiarity to deceive victims.

Suggested Correction(s):
It's important for all organizations, not just those in the aerospace industry, to guard against social engineering attacks because they are highly effective across various sectors. Social engineering relies on human psychology, making anyone susceptible to manipulation. Cybercriminals can impersonate colleagues, trusted authorities, or familiar entities to gain access or deceive employees into taking harmful actions. Preventing social engineering attacks through employee training, robust security policies, and verification processes is crucial to safeguarding sensitive data and systems, regardless of the industry.

Link(s):
https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/