US Defense and Aerospace employees targeted by fake job offers
US Defense and Aerospace sectors are a common target of cyber criminals. Recently, a new wave of attacks from a group of North Korean hackers has been targeting employees of these two sectors with fake job offers. The malicious actors’ intention has been to gain access to the organizations’ networks.
A report from McAfee has revealed that the attacks started in late March and lasted throughout May 2020. Code-named “Operation North Star”, these attacks have been connected to infrastructure, techniques, tactics and procedures that have previously been linked to Hidden Cobra, an umbrella term used by the US Government to identify all the state-sponsored North Korean hacking groups.
McAfee has revealed that the attacks consisted of phishing emails enticing recipients to open attached documents related to a potential job offer. Many hacking groups have used this lure in the past, and North Korean hackers also took advantage of it in attacks aimed at the US Defense sector back in 2017 and 2019.
Yet, the 2020 attacks have some major “improvements”. For instance, the malware they have distributed is much more advanced. Moreover, some of the victims have been contacted through social networks and not necessarily through e-mails. However, the effectiveness of this campaign remains unclear, as it is not known how many potential victims of the fake job phishing messages there are.
Sadly, McAfee has not had access to the malicious emails that were used to lure the recipients and has managed to retrieve only the infected documents and malware payloads. Therefore, the company has not been able to identify specifically which of the US Defense and Aerospace companies became targets of the attacks in order to alert them individually.
The researchers have only found out the positions that the fake job offerings were “recruiting” for – Senior Design Engineer and System Engineer – and the US defense programs they tried to “recruit” for:
- F-22 Fighter Jet Program
- Defense, Space, and Security (DSS)
- Photovoltaics for space solar cells
- Aeronautics Integrated Fighter Group
- Military aircraft modernization programs
McAfee’s Chief Scientist, Raj Samani, has announced that the company has contacted US cyber security agencies to inform authorities about the past attacks as part of their normal deconfliction procedures. From what has been revealed, it is clear that the attacks have been focused on intelligence gathering, considering that the North Star campaign is obviously part of North Korea’s attempts to conduct cyber-espionage.
North Korean hackers have also been linked to a new ransomware strain called VHD, in news that was released this week by the security firm Kaspersky. The North Korean malicious actors have previously been linked to cybercrimes of all sorts, including BEC operations, Magecart attacks, cryptocurrency scams, ATM cashouts and more. All this points to one thing – while North Korea has been a small and walled nation, to date, it has created one of the strongest and most advanced armies of hackers.