Lazarus Targets Job-Seeking Engineers with Malicious Documents
Quote: The notorious Lazarus advanced persistent threat (APT) group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates.
 
Researchers have been tracking Lazarus activity for months with engineering targets in the United States and Europe, according to a report published online by AT&T Alien Labs.
 
According to the report’s author, Fernando Martinez, emails sent to prospective engineering candidates by the APT purport to be from known defense contractors Airbus, General Motors (GM) and Rheinmetall.
 
Attached to the emails are Windows documents containing macro-based malware, “which has been developed and improved during the course of this campaign and from one target to another,” Martinez wrote.
 
“The core techniques for the three malicious documents are the same, but the attackers attempted to reduce the potential detections and increase the faculties of the macros,” he wrote.
 
The campaign is just the latest by Lazarus that targets the defense industry. In February, researchers linked a 2020 spear phishing campaign to the APT that aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle.
 
Indeed, with its use of Microsoft Office Macros and compromised third-party infrastructure for communications, the latest attacks have Lazarus written all over them, remaining “in line with the Lazarus’ past campaigns,” Martinez wrote.
 
“Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution,” he wrote. “We continue to see Lazarus using the same tactic, techniques, and procedures that we have observed in the past.”

Read more: Lazarus Targets Job-Seeking Engineers with Malicious Documents | Threatpost