Spanish Aerospace Company targeted by North Korean Lazarus Gang

November 30, 2023

INCIDENT

Hackers connected to a notorious group within the North Korean government launched an attack against an aerospace company in Spain, according to researchers at security company ESET. In a report on Friday, researchers said they discovered a campaign by hackers connected to Lazarus — an infamous group that has stolen billions from cryptocurrency firms over the last two years.

The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. The hackers utilized their ongoing "Operation Dreamjob" campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file.

Employees of the unnamed company were sent messages on LinkedIn from a fake Meta recruiter and tricked into opening malicious files that purported to be coding quizzes or challenges. When opened, the files infect a victim’s device with a backdoor that would allow the hackers to conduct espionage, according to ESET.

Incident Date

September 29, 2023

Location

Spain

Estimated Cost


No cost values disclosed.