Headline
Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles
Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools.
North Korean advanced persistent threat (APT) group Lazarus (aka UNC290) has been targeting security researchers with a phishing campaign via LinkedIn since last June.
Mandiant reported that the phishing attacks started against a US-based tech company, and noted the threat actors were using three new code families — Touchmove, Sideshow, and Touchshift — in their activities.
Posing as recruiters on LinkedIn, the group works to earn a victim’s trust, and it then convinces them engage on WhatsApp or by email, where they can send a malware dropper, Mandiant explained.
“Following the identification of this campaign, Mandiant responded to multiple UNC2970 intrusions targeting US and European media organizations through spear-phishing that used a job recruitment theme and demonstrated advancements in the groups ability to operate in cloud environments and against endpoint detection and response (EDR) tools,” Mandiant said about the emerging phishing campaign.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe