North Korean hackers create fake job offers to steal important data

Lazarus, a state-sponsored hacker group based in North Korea, is now using trojanized open-source software and fake job offers to spread malware, says Microsoft.

The well-known group of hackers is targeting many key industry sectors, such as technology, media entertainment, and defense, and it’s using many different kinds of software to carry out these attacks.

[Image: how the hacker group ZINC operates. Credit: Microsoft]

The next time you get a message on LinkedIn, you should be careful. Microsoft warns that the North Korea-based threat group has been actively using open-source software infected with trojans to attack industry professionals. Microsoft has determined that these social engineering attacks started in late April and continued until at least mid-September.

Lazarus, also referred to as ZINC, Labyrinth Chollima, and Black Artemis, is a state-sponsored military hacking group from North Korea. It’s said that it has been active since at least 2009, and since then it’s been responsible for a variety of large attacks, including phishing, ransomware campaigns, and more.

The group has been creating fake LinkedIn recruiter profiles and approaching suitable candidates with job offers at legitimate, existing companies. “Targets received outreach tailored to their profession or background and were encouraged to apply for an open position at one of several legitimate companies,” said Microsoft.

Once the victims were convinced to move the conversation over from LinkedIn to WhatsApp, which offers encrypted communication, the hackers moved on to the next step. During the WhatsApp conversation, the targets received infected software that allowed Lazarus to deploy malware on their systems.

The end goal for the hackers was to be able to steal sensitive information or obtain access to valuable networks. Aside from the malware — which was found in programs such as PuTTY, KiTTY, TightVNC, muPDF/Subliminal Recording, and Sumatra PDF Reader — the attacks were well-engineered on the social side of things, too, with LinkedIn profiles and companies picked to match the victim’s profession.

As noted by Bleeping Computer, ZINC has also carried out similar attacks by using fake social media personas to distribute malware. Earlier, it was chiefly targeting security researchers; this time around, the attacks have a broader range.

These attacks seem like a follow-up to Operation Dream Job. The campaign, active since 2020, focused on targets from the defense and aerospace sectors in the U.S. and lured them in with interesting job offers, all with the goal of conducting cyber-espionage. Lazarus has also been spotted targeting cryptocurrency workers and crypto exchanges in the past.

How can you protect yourself from these attacks? Try to keep your LinkedIn conversations on the platform, if at all possible. Don’t accept files from people you don’t know, and make sure to use good antivirus software. Lastly, don’t be afraid to reach out to the company and verify that the person trying to send you files actually works there.
