ESET: North Korean government-linked hackers target aerospace company in Spain

The hackers used a spear-phishing campaign, impersonating a Meta recruiter on LinkedIn.

Hackers associated with Lazarus Group, a hacker group with links to the North Korean government, recently targeted an aerospace company based in Spain, as uncovered by security company ESET.

The hackers successfully infiltrated the aerospace company’s network through a spear-phishing campaign, using a fake Meta recruiter’s persona on LinkedIn to reach out to the company’s employees. The fake recruiter presented employees with two coding challenges as part of a supposed application process. One of the employees unwittingly downloaded the malicious files onto a company device, creating a backdoor into that device and enabling the hackers to gain access.

What sets this attack apart is the deployment of a novel and highly advanced payload referred to as ‘LightlessCan.’ ESET researcher Peter Kálnai, who made the discovery, expressed deep concern over the payload’s sophistication and its potential for evolution. LightlessCan represents a significant advancement compared to its predecessor, ‘BlindingCan,’ showcasing the constant evolution of malicious tools used by hacking groups.

Aerospace companies are not uncommon targets for advanced persistent threat (APT) groups aligned with North Korea. These cyberattacks often serve to fund North Korea’s nuclear weapons program or acquire technical knowledge to support its endeavours.

This latest cyberattack serves as a stark reminder of the persistent threat posed by state-sponsored hacking groups and the need for robust cybersecurity measures to safeguard critical infrastructure and sensitive information in both the public and private sectors.