Monday, March 8, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs

June 17, 2020
in Internet Privacy
Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money.

The campaign, dubbed “Operation In(ter)ception” because of a reference to “Inception” in the malware sample, took place between September to December 2019, according to a new report cybersecurity firm ESET shared with The Hacker News.

You might also like

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

“The primary goal of the operation was espionage,” the researchers told The Hacker News. “However, in one of the cases we investigated, the attackers tried to monetize access to a victim’s email account through a business email compromise (BEC) attack as the final stage of the operation.”

The financial motivation behind the attacks, coupled with similarities in targeting and development environment, have led ESET to suspect Lazarus Group, a notorious hacking group that’s been attributed to working on behalf of the North Korean government to fund the country’s illicit weapon and missile programs.

Social Engineering via LinkedIn

Stating that the campaign was highly targeted, ESET said it relied on social engineering tricks to lure employees working for the chosen companies with fake job offers using LinkedIn’s messaging feature, posing as HR managers of well-known companies in the aerospace and defense industry, including Collins Aerospace and General Dynamics.

Hackers Target Military and Aerospace

“Once the contact was established, the attackers snuck malicious files into the communication, disguising them as documents related to the advertised job offer,” the researchers said, based on an investigation with two of the affected European companies.

The decoy RAR archive files, which were directly sent over the chats or as emails sent from their fake LinkedIn personas pointing to an OneDrive link, purported to contain a PDF document detailing salary information of specific job positions, when in actuality, it executed Windows’ Command Prompt utility to perform a series of actions:

  1. Copy Windows Management Instrumentation command-line tool (wmic.exe) to a specific folder
  2. Rename it to something innocuous to evade detection (e.g., Intel, NVidia, Skype, OneDrive and Mozilla), and
  3. Create scheduled tasks that execute a remote XSL script via WMIC.

The actors behind the operation, upon gaining an initial foothold inside the target company, went on to employ a custom malware downloader, which in turn downloaded a previously undocumented second-stage payload — a C++ backdoor that periodically sends requests to an attacker-controlled server, carry out pre-defined actions based on the received commands, and exfiltrate the collected information as a RAR file via a modified version of dbxcli, an open-source command-line client for Dropbox.

In addition to using WMIC to interpret remote XSL scripts, the adversaries also abused native Windows utilities such as “certutil” to decode base64-encoded downloaded payloads, and “rundll32” and “regsvr32” to run their custom malware.

“We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors in order to protect our members. We don’t wait on requests, our threat intelligence team removes fake accounts using information we uncover and intelligence from a variety of sources, including government agencies,” Paul Rockwell, Head of Trust and Safety at LinkedIn said in a statement sent to The Hacker News.

“Our teams utilize a variety of automated technologies, combined with a trained team of reviewers and member reporting, to keep our members safe from all types of bad actors. We enforce our policies, which are very clear: the creation of a fake account or fraudulent activity with an intent to mislead or lie to our members is a violation of our terms of service. In this case, we uncovered instances of abuse that involved the creation of fake accounts. We took immediate action at that time and permanently restricted the accounts”

Financially Motivated BEC Attacks

Besides reconnaissance, ESET researchers also found evidence of attackers attempting to exploit the compromised accounts to extract money from other companies.

Hackers Target Military and Aerospace

Although unsuccessful, the monetization tactic worked by using the existing email communications between the account holder and a customer of the company to settle an outstanding invoice to a different bank account under their control.

“As part of this ruse, the attackers registered an identical domain name to that of the compromised company, but on a different top-level domain, and used an email associated with this fake domain for further communication with the targeted customer,” ESET said.

Ultimately, the targeted customer reached out to the correct email address of the victim about the suspicious emails, thus foiling the attackers’ attempt.

“Our research into Operation In(ter)ception shows again how effective spear-phishing can be for compromising a target of interest,” the researchers concluded.

“They were highly targeted and relied on social engineering over LinkedIn and custom, multistage malware. To operate under the radar, the attackers frequently recompiled their malware, abused native Windows utilities, and impersonated legitimate software and companies.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Breaking Down AI's Role In Cybersecurity

Next Post

Phishing warning: Reset your password to lockout crooks, football fans told

Related Posts

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
Internet Privacy

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

March 6, 2021
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Internet Privacy

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

March 6, 2021
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
Internet Privacy

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

March 6, 2021
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
Internet Privacy

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

March 5, 2021
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
Internet Privacy

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

March 5, 2021
Next Post
Phishing warning: Reset your password to lockout crooks, football fans told

Phishing warning: Reset your password to lockout crooks, football fans told

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Dataiku named as Gartner Leader for Data Science and Machine Learning
Machine Learning

Dataiku named as Gartner Leader for Data Science and Machine Learning

March 8, 2021
Bill establishing cyber abuse takedown scheme for adults enters Parliament
Internet Security

eSafety defends detail of Online Safety Bill as the ‘sausage that’s being made’

March 8, 2021
An Easy Way to Solve Complex Optimization Problems in Machine Learning
Data Science

An Easy Way to Solve Complex Optimization Problems in Machine Learning

March 8, 2021
Machine Learning Patentability In 2019: 5 Cases Analyzed And Lessons Learned Part 4 – Intellectual Property
Machine Learning

Podcast: Non-Binding Guidance: FDA Regulatory Developments In AI And Machine Learning – Food, Drugs, Healthcare, Life Sciences

March 8, 2021
Here’s an adorable factory game about machine learning and cats
Machine Learning

Here’s an adorable factory game about machine learning and cats

March 8, 2021
How Machine Learning Is Changing Influencer Marketing
Machine Learning

How Machine Learning Is Changing Influencer Marketing

March 8, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Dataiku named as Gartner Leader for Data Science and Machine Learning March 8, 2021
  • eSafety defends detail of Online Safety Bill as the ‘sausage that’s being made’ March 8, 2021
  • An Easy Way to Solve Complex Optimization Problems in Machine Learning March 8, 2021
  • Podcast: Non-Binding Guidance: FDA Regulatory Developments In AI And Machine Learning – Food, Drugs, Healthcare, Life Sciences March 8, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates