The North Korean hacking group known as the Lazarus Group was recently spotted using a particularly sophisticated piece of malware, called LightlessCan, in its fake job-offer campaigns. The technique deceives victims with job offers that appear to come from well-known companies. The malware also brings a technical arsenal that is far harder to detect than its predecessor, BlindingCan.
The discovery of LightlessCan by ESET researchers
Researchers from ESET, a cybersecurity company, discovered this new, previously undocumented malware while analyzing a recent attack on a Spanish company specializing in aerospace. The Lazarus group's modus operandi relies on targeted phishing campaigns and personalized messages, sent via platforms such as LinkedIn to give the impression that the communications come from legitimate recruiters.
A concrete example of a scam in 2022
A notable case from 2022 involves an employee of a Spanish aerospace company who received a LinkedIn message from a fake recruiter named Steve Dawson. The exchange between the two led the employee to a counterfeit website, which invited the supposed candidate to take employment tests and download malicious documents containing the LightlessCan software.
The innovative features of LightlessCan
Beyond being difficult to detect, LightlessCan represents a significant advance over previous generations of malware used by the Lazarus group. In particular, it can mimic native Windows commands, executing their functionality discreetly inside the malware itself rather than spawning console processes.
A stealthy approach to evading surveillance tools
This in-process approach eludes real-time monitoring solutions and computer forensic analysis tools, since no command-line execution is ever visible. To further reduce its exposure, the LightlessCan payload also relies on "execution safeguards": these ensure that decryption only occurs on the intended victim's machine, which also prevents unintended decryption by security researchers.
- Mimicry of native Windows commands
- Stealth execution within the malware
- Evasion of real-time surveillance and forensic tools
- Encryption keyed to the target so that third parties cannot decrypt the payload
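To make the "execution safeguards" idea concrete from an analyst's point of view, here is an added toy illustration that is not code from the article or from ESET, and not LightlessCan's actual scheme, which the article does not describe. It assumes the key is derived from a hypothetical victim host name, seals a constructed placeholder payload under that key, and shows why the same blob yields nothing in a sandbox (the integrity tag fails before any decryption happens) while a researcher who knows the intended target's identifier can recover it. The salt, host name and payload bytes are all constructed for the example.

```python
import hashlib
import hmac
from typing import Optional, Tuple, List

# Constructed toy scheme illustrating environmental keying ("execution safeguards"):
# the decryption key is derived from an identifier of the intended victim's machine,
# so the same blob detonated in a sandbox fails the integrity check and is never
# decrypted. This is NOT LightlessCan's real scheme; it is an illustration only.

SALT = b"constructed-sample-salt"  # constructed for this example, not from any sample


def derive_key(machine_id: str) -> bytes:
    """Derive a 32-byte key from a machine identifier such as a host name."""
    return hashlib.pbkdf2_hmac("sha256", machine_id.lower().encode(), SALT, 100_000)


def _keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (not a production cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(payload: bytes, machine_id: str) -> bytes:
    """Encrypt payload under the machine-derived key and append an HMAC-SHA256 tag."""
    key = derive_key(machine_id)
    body = bytes(a ^ b for a, b in zip(payload, _keystream(key, len(payload))))
    tag = hmac.new(key, body, "sha256").digest()
    return body + tag


def unseal(blob: bytes, machine_id: str) -> Optional[bytes]:
    """Return the payload only if the tag verifies under this machine's key, else None.

    The check happens before decryption, so on the wrong host nothing is ever
    decrypted and there is no plaintext for a sandbox or analyst to capture.
    """
    key = derive_key(machine_id)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, "sha256").digest()):
        return None  # wrong environment: decryption never runs
    return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))


def recover_with_candidates(blob: bytes, candidates: List[str]) -> Optional[Tuple[str, bytes]]:
    """Analyst helper: try known identifiers of the targeted organization's hosts."""
    for cand in candidates:
        payload = unseal(blob, cand)
        if payload is not None:
            return cand, payload
    return None


# Constructed sample: a placeholder "payload" sealed for a hypothetical target host.
SAMPLE_TARGET = "WS-ENG-0042"  # hypothetical victim host name, constructed
SAMPLE_PAYLOAD = b"stage2: constructed placeholder bytes"
SAMPLE_BLOB = seal(SAMPLE_PAYLOAD, SAMPLE_TARGET)

if __name__ == "__main__":
    print("sandbox :", unseal(SAMPLE_BLOB, "SANDBOX-01"))
    print("target  :", unseal(SAMPLE_BLOB, SAMPLE_TARGET))
    print("analyst :", recover_with_candidates(SAMPLE_BLOB, ["DESKTOP-1", "ws-eng-0042"]))
```

The point for defenders is the verify-before-decrypt structure: automated detonation on generic sandbox images produces no second-stage artefacts, so analysis of such samples depends on knowing or reconstructing the intended target's environment, which is why ESET's visibility into the specific victim mattered here.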
The consequences of these attacks and the international measures taken in response
The international community is particularly concerned about the Lazarus group's activity, since funds diverted with tools such as LightlessCan may help finance North Korea's nuclear missile program. In the face of this threat, the United Nations has initiated transnational collaboration to counter the cybercrime tactics employed by North Korea.
How to protect yourself against these threats?
To protect themselves, companies and organizations must make their employees aware of the risks associated with fake job offers and social-engineering on professional networks. Applying cybersecurity best practices, such as keeping systems up to date and using reliable antivirus software, also helps limit the risk posed by this type of threat.