- A researcher from cybersecurity firm ESET has discovered a new way that the Lazarus hacking group is compromising target victims without being detected
- Known as LightlessCan, the backdoor is delivered through a malware-laced fake job offer and reproduces the functionality of genuine Windows commands inside its own process rather than running them as separate programs
- The hackers also hinder analysis by security researchers by ensuring the payload will only unpack and execute on the intended victim’s computer
A researcher from ESET has uncovered a new way that the North Korean hacking group Lazarus has been stealthily compromising targets’ computers. Mostly deployed through a fake employment scam, the method involves lacing downloadable files presented as employment documents with malware that reproduces the behaviour of genuine Windows commands during execution, so that the commands never appear as separate processes. The hacking group also makes its activities harder to detect by programming the malware to unpack and run only on the intended victim’s computer, which stops the payload from executing in a researcher’s sandbox and gives the group an edge over detection efforts.
Lazarus has a Significant Advantage
According to ESET’s Peter Kálnai, mimicking genuine Windows operations within the malware itself enables it to dodge surveillance from “digital forensic tools [and] monitoring solutions,” since the tools that normally watch for those commands being launched have nothing to see. Kálnai added that the new method gives the group a “significant advantage.”
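To illustrate the gap Kálnai describes, the following added example (not ESET’s or the malware’s code) runs a simple detection rule over two constructed sets of process-creation telemetry modelled on Sysmon Event ID 1 fields. The first set represents a conventional backdoor that shells out to reconnaissance tools; the second represents a LightlessCan-style implant that collects the same information through API calls inside its own process, so the only event it produces is its own launch. The log format, file paths, thresholds and tool list are assumptions made for this example.

```python
"""
Added example: a process-creation based reconnaissance detector and why an
implant that emulates Windows commands in-process leaves it nothing to flag.
Log lines are constructed for this example in the form
    <ISO timestamp>|<ParentImage>|<Image>|<CommandLine>
and are not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Console tools commonly chained during host reconnaissance (assumed list).
RECON_IMAGES = {
    "ipconfig.exe", "systeminfo.exe", "net.exe", "net1.exe", "sc.exe",
    "whoami.exe", "tasklist.exe", "nltest.exe", "arp.exe", "ping.exe",
}


def parse_event(line):
    """Split one constructed log line into its fields."""
    ts, parent, image, cmdline = line.split("|", 3)
    return {
        "ts": datetime.fromisoformat(ts),
        "parent": parent,
        "image": image,
        "basename": image.rsplit("\\", 1)[-1].lower(),
        "cmdline": cmdline,
    }


def recon_chains(lines, min_distinct=3, window=timedelta(minutes=5)):
    """Return {parent: [tools]} for parents that spawned at least
    `min_distinct` different recon tools within `window` of each other."""
    by_parent = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["basename"] in RECON_IMAGES:
            by_parent[ev["parent"]].append(ev)

    hits = {}
    for parent, evs in by_parent.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            tools = {e["basename"] for e in evs[i:]
                     if e["ts"] - start["ts"] <= window}
            if len(tools) >= min_distinct:
                hits[parent] = sorted(tools)
                break
    return hits


# Constructed: an implant that launches recon tools as child processes.
NOISY_BACKDOOR = [
    r"2023-09-01T10:00:00|C:\Users\dev\AppData\Local\Temp\update.exe|C:\Windows\System32\ipconfig.exe|ipconfig /all",
    r"2023-09-01T10:00:02|C:\Users\dev\AppData\Local\Temp\update.exe|C:\Windows\System32\systeminfo.exe|systeminfo",
    r"2023-09-01T10:00:05|C:\Users\dev\AppData\Local\Temp\update.exe|C:\Windows\System32\net.exe|net localgroup administrators",
    r"2023-09-01T10:00:09|C:\Users\dev\AppData\Local\Temp\update.exe|C:\Windows\System32\sc.exe|sc query",
]

# Constructed: an implant that gathers the same data in-process. The only
# process-creation event is its own start; later activity is unrelated.
QUIET_RAT = [
    r"2023-09-01T10:00:00|C:\Windows\explorer.exe|C:\Users\dev\AppData\Local\Temp\update.exe|update.exe",
    r"2023-09-01T10:30:00|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe",
]

# Constructed: an administrator running two commands by hand, below threshold.
ADMIN_SESSION = [
    r"2023-09-01T10:00:00|C:\Windows\System32\cmd.exe|C:\Windows\System32\ipconfig.exe|ipconfig",
    r"2023-09-01T10:01:00|C:\Windows\System32\cmd.exe|C:\Windows\System32\ping.exe|ping 10.0.0.1",
]

if __name__ == "__main__":
    for name, data in [("noisy backdoor", NOISY_BACKDOOR),
                       ("quiet RAT", QUIET_RAT),
                       ("admin session", ADMIN_SESSION)]:
        print(f"{name}: {recon_chains(data) or 'no recon chain detected'}")
```

The noisy implant is caught because four distinct reconnaissance tools appear as its children within seconds; the quiet implant yields nothing, not because the rule is wrong but because the commands it emulates never become processes. Defenders facing this kind of tradecraft therefore have to lean on telemetry the implant cannot avoid producing, such as its own network connections and in-memory behaviour, rather than on the child processes they would normally expect to see.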
#ESET researchers unveiled their findings about an attack by the North Korea-linked #APT group #Lazarus that took aim at an aerospace company in Spain.
▶️ Find out more in a #WeekinSecurity video with @TonyAtESET.
— ESET (@ESET) September 29, 2023
The researcher discovered the new intrusion method while investigating an attack on an aerospace firm. Lazarus reached out to one of the firm’s employees with a fake job offer.
The employee then received downloadable documents presented as part of the supposed employment contract, which contained “a publicly undocumented backdoor […] named LightlessCan.”
Ronin Hacked Through Fake Employment Contract
The North Korean hacking group has been wreaking havoc in the web3 space, siphoning over $3 billion from crypto platforms since 2016. Its recent victims include the crypto casino Stake, Atomic Wallet, Alphapo Wallet and Ronin Network.
Among these, the Ronin Network hack was recently attributed to the group’s fake employment scam, directed at one of Ronin’s engineers.
With the group employing increasingly sophisticated hacking methods, it is likely to compromise more unsuspecting crypto platforms.