North Korean cyberspies trick developers into installing malware with fake job interviews

In November, the Lazarus group, North Korea’s main cyberespionage and sabotage arm, compromised a Taiwanese multimedia software company called CyberLink and hacked the installer of one of its commercial programs. In February, Japan’s CERT reported that Lazarus uploaded malicious Python packages to PyPI, the official Python package repository.

One of the dangers of campaigns like DEV#POPPER is that some victims who fall for the fake-interview lure are current employees looking for better opportunities. They are therefore likely to hold details and information about projects as part of their current duties, which underscores the importance of managing engineering equipment as a valuable asset, with strict access control and monitoring.

“Based on the telemetry collected, no specific victimology trend was identified,” Securonix researchers wrote in their new report. “However, analysis of the collected samples revealed that the victims were widely scattered in South Korea, North America, Europe and the Middle East, indicating that the impact of this attack was widespread.”

