North Korean Hackers Posing As Facebook Recruiters Hit Job Hunters With Malware
Looking to work for Meta? Make sure that job offer is legit. North Korean hackers have been spotted posing as recruiters for Facebook parent company Meta to trick users into loading malware on their computers.
The findings come from antivirus provider ESET, which recently investigated a 2022 breach at an unnamed Spanish aerospace company. ESET traced the intrusion to a hacker-controlled account on LinkedIn that was impersonating a recruiter for Meta.
The suspected North Korean hackers contacted multiple employees at the Spanish aerospace company using LinkedIn Messaging. “Masquerading as a Meta recruiter, the attacker used a job offer lure to attract the target’s attention and trust,” ESET says.
The "recruiter" sent prospective employees coding challenges, or quizzes, so they could demonstrate their programming skills. But in reality, the coding challenges were malicious software packages and included a downloader designed to “deploy any desired program into the memory of the victim’s computer,” ESET says.
Once the downloader was installed, the hacker delivered two different remote-access Trojans, which can hijack access to a PC. One of those Trojans was previously used in campaigns from the notorious North Korean group Lazarus, perhaps best known for their cryptocurrency heists and the 2014 Sony Pictures hack.
ESET also notes that employees who fell for the scheme were using “corporate computers for personal purposes." As a result, the North Korean hackers had easy access to the Spanish aerospace company’s network. “The final goal of the attack was cyberespionage,” possibly to further North Korea’s own aerospace and nuclear weapons ambitions.
During the intrusion, the North Korean hackers also deployed a newly
Read more on pcmag.com
