How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe

7 months ago AndyC

Video
During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan

Video

During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan

Editor

29 Sep 2023

This week, ESET researchers unveiled their findings about an attack by the North Korea-linked APT group Lazarus that took aim at an aerospace company in Spain. The group obtained initial access to the company’s network after a successful spearphishing campaign where they masqueraded as a recruiter for Meta, the company behind Facebook, Instagram, and WhatsApp, and contacted the victim via LinkedIn Messaging. During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan.

Learn more about the backdoor and the attack’s mechanics in the video and make sure to give the full blogpost a read here:

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

Connect with us on FacebookTwitterLinkedIn and Instagram.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

1 day ago AndyC
What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller

What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller

3 days ago AndyC
How technology drives progress: A Q&A with Nobel laureate Michel Mayor

How technology drives progress: A Q&A with Nobel laureate Michel Mayor

4 days ago AndyC
The vision behind Starmus: A Q&A with the festival’s co-founder Garik Israelian

The vision behind Starmus: A Q&A with the festival’s co-founder Garik Israelian

4 days ago AndyC

Protecting yourself after a medical data breach – Week in security with Tony Anscombe

1 week ago AndyC
The many faces of impersonation fraud: Spot an imposter before it’s too late

The many faces of impersonation fraud: Spot an imposter before it’s too late

1 week ago AndyC

You may have missed

AustralianSuper hunts for new CISO

AustralianSuper hunts for new CISO

20 mins ago AndyC
Okta warns of unprecedented scale in credential stuffing attacks on online services

Okta warns of unprecedented scale in credential stuffing attacks on online services

25 mins ago AndyC
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

30 mins ago AndyC
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

6 hours ago AndyC
Targeted operation against Ukraine exploited 7-year-old MS Office bug

Targeted operation against Ukraine exploited 7-year-old MS Office bug

6 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.