Thursday, 24 April 2025
29.8 C
Singapore
31.5 C
Thailand
25 C
Indonesia
28.7 C
Philippines

Beware: Cyber attackers target the aerospace sector with fake job offers

Cybersecurity experts have uncovered a malware campaign targeting aerospace, with fake job offers linked to Iranian hackers imitating North Korean tactics.

Cybersecurity experts warn that hackers linked to the Iranian government are deploying malware in the guise of job offers, aiming to infiltrate the aerospace sector. A recent report by ClearSky Cyber Security reveals how this Iranian state-sponsored group, known as TA455, is targeting employees in aerospace, defence, and government sectors, especially in the United States, Middle East, and Europe. This cyber-espionage operation, called “Dream Job,” employs tactics that closely resemble those used by North Korean hacker groups, leaving researchers to speculate on possible collaboration or mimicry.

Hackers use fake job sites and profiles

ClearSky researchers have exposed the methods used by TA455 to deceive unsuspecting victims. The hackers set up fake recruitment websites and created fraudulent social media profiles, particularly on LinkedIn. These fake profiles are designed to lure targeted employees by offering enticing job opportunities.

Once the victim expresses interest, the hackers send job-related documents as part of the “onboarding process.” However, these documents carry a malicious file called SnailResin, a malware designed to breach the victim’s systems. SnailResin is a loader for a secondary malware called SlugResin, which allows hackers to exfiltrate data, maintain remote system control, and ensure ongoing access even after detection attempts.

Iranian hackers may be mimicking North Korea’s Lazarus Group

ClearSky has found the tactics used in “Dream Job” strikingly similar to those previously attributed to Lazarus, a notorious North Korean hacking group. Lazarus is infamous for targeting individuals with fake job offers, especially in the cryptocurrency and tech sectors. The resemblance has led researchers to speculate whether TA455 is copying Lazarus’s techniques to obscure its identity or whether the two groups might collaborate.

TA455, also known as Charming Kitten, shares traits with other Iranian cyber-espionage groups, such as APT35 and TA453. Linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), TA455 has a history of cyber-espionage in aerospace, defence, and government agencies. The group’s main objectives are to collect geopolitical intelligence and steal confidential information to be leveraged for strategic advantage.

ClearSky’s analysis suggests that TA455 deliberately impersonates Lazarus’s style or that North Korean and Iranian groups share malware and tactics. Researchers have not reached a definitive conclusion but believe TA455 might use resemblance as a disguise.

Protect yourself from fake job offers

This “Dream Job” campaign serves as a timely reminder of the risks associated with unsolicited job offers, especially those from unfamiliar sources. The “too good to be true” approach often indicates potential deception, as attackers increasingly use enticing offers to trick targets into unknowingly compromising their data security.

Experts recommend verifying the legitimacy of job offers and being cautious about downloading files, especially from unknown senders. If you’re considering a job offer from an unfamiliar recruiter, take steps to authenticate the source and confirm their identity. Cybersecurity vigilance is key to protecting sensitive information from prying hackers.

Hot this week

GITEX ASIA x Ai Everything Singapore unites global tech investment elite with Southeast Asia VC funding set to surpass US$13 billion in 2025

GITEX ASIA x Ai Everything Singapore brings global startups, investors, and AI innovation to the heart of Southeast Asia’s thriving tech scene.

LG reveals a smart monitor on wheels—but it still needs to be plugged in

LG’s new 31.5" Smart Monitor Swing rolls on wheels and runs webOS, but it still needs a power plug and costs around US$740.

Rivian adds Cohere CEO to its board, showing confidence in AI direction

Rivian welcomes Cohere CEO Aidan Gomez to its board, marking a big move into AI and advanced tech for future vehicle innovation.

xAI’s Grok chatbot now lets you ask questions about what you see

Grok’s new Vision tool lets iPhone users ask questions about what they see. Updates also add real-time voice search and memory features.

Identity theft and document forgery pose rising fraud risks for APAC businesses

Businesses in APAC face rising fraud threats, with identity theft and document forgeries driving up costs and urging investment in smarter ID tools.

POCO launches entry-level C71 smartphone in Singapore with premium features

POCO launches the budget-friendly C71 smartphone in Singapore, offering premium design, enhanced cameras, and smooth performance at S$109.

NVIDIA uses AI to address climate, wildlife and disaster risks

NVIDIA’s AI tools support climate action, wildlife monitoring, and disaster risk mitigation, with uses spanning sea, land, sky and space.

Netflix raises subscription prices in Singapore again

Netflix again raises subscription prices in Singapore, with new rates for all plans and extra member slots.

GameMax unveils Blade Concept ATX case with bold design and powerful features

GameMax launches the Blade Concept ATX case, which features a striking blade design, RGB lighting, and support for high-end liquid-cooled PC builds.

Related Articles

Popular Categories