A hacking group believed to be from North Korea is suspected of targeting media organizations and security researchers in Europe and the US with fake job offers that lead to the deployment of three new malware families. The attackers use social engineering to persuade their targets to engage via WhatsApp, where they drop a malware payload called "PlankWalk," a C++ backdoor that helps them establish a foothold in the target's corporate environment. Mandiant has monitored the campaign since June 2022, and the observed activity overlaps with "Operation Dream Job," which has been attributed to the North Korean Lazarus group. Despite those similarities, Mandiant has identified enough differences in the tools, infrastructure, and tactics used to attribute this campaign to a different group it has been monitoring, known as "UNC2970."

