I want to start with something that prompted me to read the very lengthy article I'll link to within this post.
This is a toot by Brian Krebs. We blogged about the spike in LinkedIn issues, but this research from ESET's We Live Security blog is quite detailed.
This may be yet another source that I may have to add to my RSS feeds and for sharing.
Let's first start with the toot from Brian Krebs. Note that I will not be linking to anything in HTML, but the root article will be linked.
BrianKrebs: That huge spike in fake executive accounts on LinkedIn over the past year is starting to make a lot more sense now. Researchers at ESET have an excellent post on research that ties the 3CX supply chain compromise to North Korea’s Lazarus hacking group, but the most interesting detail (for me) was this bit:
"The Lazarus group's Operation DreamJob involves approaching targets through LinkedIn and tempting them with job offers from industry leaders."
Here’s a bit more:
ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques to compromise its targets, with fake job offers as the lure. In this case, we were able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy, up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloud storage account. To our knowledge, this is the first public mention of this major North Korea-aligned threat actor using Linux malware as part of this operation.
https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/
My series on the huge jumps in fake executive profiles on LinkedIn last year:
https://krebsonsecurity.com/tag/linkedin-bots/
The article from We Live Security is titled "Linux malware strengthens links between Lazarus and the 3CX supply-chain attack," and I found it quite interesting.
I don't believe we covered the 3CX ordeal, but I did seem to spot something about it via the site called data breaches.
It seems to me that Lazarus is now playing a dangerous game by targeting all of the major desktop operating systems. The major desktop operating systems are Windows, Mac and Linux.
Linux is more appropriate on servers, but you and I are able to use this operating system. There are also access technology software packages that you can get to run it accessibly.
The infection started with a direct message, probably on LinkedIn or other social media, containing a fake job offer. What happens after that is very interesting, but it would be too much to cover here, as I don't want to redo their writing.
Just know that Lazarus doesn’t seem to be going anywhere, anytime soon.
Here's a link to the LinkedIn bots tag that Brian had within his toot. I didn't link it above, as I want the toot to be unedited.
Have fun digesting this one! Thanks for the share, Brian!