Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money.
he campaign, dubbed « Operation In(ter)ception » because of a reference to « Inception » in the malware sample, took place between September to December 2019, according to a new report cybersecurity firm ESET shared with The Hacker News.
« The primary goal of the operation was espionage, » the researchers told The Hacker News. « However, in one of the cases we investigated, the attackers tried to monetize access to a victim’s email account through a business email compromise (BEC) attack as the final stage of the operation. »
The financial motivation behind the attacks, coupled with similarities in targeting and development environment, have led ESET to suspect Lazarus Group, a notorious hacking group that’s been attributed to working on behalf of the North Korean government to fund the country’s illicit weapon and missile programs.
Social Engineering via LinkedIn
Stating that the campaign was highly targeted, ESET said it relied on social engineering tricks to lure employees working for the chosen companies with fake job offers using LinkedIn’s messaging feature, posing as HR managers of well-known companies in the aerospace and defense industry, including Collins Aerospace and General Dynamics.