“The attacks, which we dubbed Operation In(ter)ception, based on a related malware sample named ‘Inception.dll,’ took place from September to December 2019,” ESET’s cybersecurity experts said.
The perpetrators carried out targeted attacks that relied on social engineering over LinkedIn and custom, multistage malware, the paper read, explaining that the attackers “frequently recompiled their malware, abused native Windows utilities and impersonated legitimate software and companies,” in order to operate under the radar.
Impersonating “representatives of well-known, existing companies in the aerospace and defense industry,” the attackers used LinkedIn’s messaging feature to approach employees within chosen companies with fictitious job offers, the company said.
Spear-phishing attacks involve sending emails from a known or trusted sender to induce the targeted victim to reveal confidential information; the primary goal of the attacks described in ESET’s research was “espionage.”
However, in one case “attackers tried to monetize access to a victim’s email account through a business email compromise (BEC) attack as the final stage of the operation.”
Claiming it “did not find strong evidence” of who was behind the attacks, ESET said it nevertheless discovered “several hints suggesting a possible link to the Lazarus group,” a notorious and mysterious group attributed to the North Korean government.
The group is believed to have been active since 2009, carrying out a wide range of cyberattacks worldwide.
It is believed that the Lazarus group was behind the attack on Sony Pictures in 2014, seen as the most destructive hack in the US at the time. The group allegedly targeted Sony Pictures in retaliation for its role in the production of “The Interview,” a satirical comedy movie about the North Korean leader.