Cybercriminals targeting security researchers, media organisations with malware using fake jobs on LinkedIn

Published - March 11, 2023 02:06 pm IST

A suspected North-Korean hacking group is targeting security researchers and media organisations with new malware via fake job offers on LinkedIn

Suspected North-Korean hacking group is targeting security researchers, media organisations with spear-phishing tactics on LinkedIn. | Photo Credit: Reuters

A suspected North-Korean hacking group is targeting security researchers and media organisations in the U.S. and Europe using fake job offers on LinkedIn.

Spear-phishing tactics that use job-recruitment themes are being used to deploy three new custom malware families, Touchmove, Sideshow and Touchshift, a blog post from Mandiant said.

Cybercriminals start the attack by approaching targets on LinkedIn, posing as job recruiters, and then switch over to WhatsApp to share a Word document with embedded malware.

The malware is designed to perform remote-template injection, fetching malicious code from compromised WordPress sites that the attackers use as command-and-control servers. This establishes a foothold for a payload that disguises itself as a legitimate Windows binary, which is then used to load a backdoor called TouchShot onto the victim’s device.

Attackers are using the tactic to perform arbitrary code execution, modify the registry, manipulate firewall settings, add scheduled tasks, and execute additional payloads.

In cases where victims’ devices were connected to organisations that did not use a VPN, threat actors were found abusing Microsoft Intune to launch further attacks.

The identified tools highlight the continued deployment of new malware by threat actors. “Although the group has previously targeted defense, media, and technology industries, the targeting of security researchers suggests a shift in strategy or an expansion of its operations”, the post said.

