Details Emerge on Lazarus Group's New Backdoor Malware
'LightlessCan' Patterns Tracked Following Spanish Aerospace Hack
North Korea's infamous state-sponsored hacking group, Lazarus, has recently unveiled a sophisticated and continually evolving backdoor malware, dubbed "LightlessCan."
Experts from ESET, the renowned cybersecurity company, discovered this new threat and believe it to be an offshoot of Lazarus' flagship remote access Trojan (RAT), BlindingCan. This article delves into the capabilities of LightlessCan and highlights the modus operandi of the Lazarus Group.
A Persistent and Destructive Threat
Over the years, the Lazarus Group has gained notoriety for its relentless cyber attacks backed by the North Korean state. After making global headlines with the devastating 2014 Sony Pictures attack, the group has established itself as one of the most dangerous Advanced Persistent Threat (APT) groups in operation. Their exploits include stealing millions of dollars from banks, exfiltrating sensitive data from government agencies and defense contractors, executing cryptocurrency heists, and launching supply chain attacks.
The Emergence of LightlessCan
ESET researchers studying the cyber breach of a Spanish aerospace company uncovered the presence of LightlessCan. This new malware appears to be an extension of Lazarus' BlindingCan RAT, utilizing similar source code. With its complex design, LightlessCan poses a significant threat to organizations worldwide.
Spear-Phishing: The Gateway to Intrusion
ESET's analysis of the Spanish aerospace company's attack revealed that Lazarus actors gained initial access through a targeted spear-phishing campaign. Posing as a recruiter from Meta, the parent company of Facebook, the threat actor contacted specific employees at the aerospace firm via LinkedIn Messaging.
The unsuspecting employee who engaged with the initial message received coding challenges, allegedly to assess their C++ programming proficiency. Unbeknownst to the employee, these challenges were hosted on a third-party cloud storage platform and contained malicious executables. As a result, additional payloads were surreptitiously downloaded onto the employee's system.
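The delivery mechanism described above, a "coding challenge" archive that quietly carries executables, is something a security team can screen for before a recruit-style lure ever reaches a developer's workstation. The following scanner is an added example written for this article; it is not ESET's tooling nor anything from the Lazarus analysis. It assumes the challenge arrives as a ZIP archive and flags any member whose leading bytes identify an executable image regardless of its file extension, plus any member whose extension is not something a C++ source challenge would plausibly contain. The sample archive is constructed inline for demonstration.

```python
import io
import zipfile
from typing import Dict, List, Optional

# Leading bytes of executable formats that have no place inside a C++ coding challenge.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit executable",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit executable",
}

# File types a legitimate C++ challenge is expected to contain (assumed allow-list).
SOURCE_EXTENSIONS = (".cpp", ".cc", ".c", ".h", ".hpp", ".txt", ".md")


def classify_executable(head: bytes) -> Optional[str]:
    """Return a description if the first bytes match a known executable format."""
    for magic, description in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return description
    return None


def scan_challenge_archive(archive_bytes: bytes) -> List[Dict[str, str]]:
    """Inspect every member of a ZIP archive and report suspicious content.

    The check is content-based: a PE file renamed to .pdf is still flagged,
    because the detection keys on the file header rather than the extension.
    """
    findings: List[Dict[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)  # enough to cover every magic value above
            name = info.filename
            executable = classify_executable(head)
            if executable:
                findings.append(
                    {"file": name, "reason": f"{executable} detected by header bytes"}
                )
            elif not name.lower().endswith(SOURCE_EXTENSIONS):
                findings.append(
                    {"file": name, "reason": "file type not expected in a source-code challenge"}
                )
    return findings


def build_sample_archive() -> bytes:
    """Construct a demonstration archive: two benign members and two suspicious ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("challenge/main.cpp", "#include <iostream>\nint main() { return 0; }\n")
        zf.writestr("challenge/README.txt", "Complete the function in main.cpp.\n")
        # Constructed sample: PE header bytes hidden under a document-looking name.
        zf.writestr("challenge/instructions.pdf", b"MZ\x90\x00" + b"\x00" * 60)
        # Constructed sample: a script where only source files belong.
        zf.writestr("challenge/run_tests.bat", "@echo off\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_challenge_archive(build_sample_archive()):
        print(f"{finding['file']}: {finding['reason']}")
```

In practice this kind of check sits at the mail or download gateway, or in a sandbox that unpacks attachments before a user sees them; the point is that the decision rests on what the file is, not on what it claims to be.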
The Ongoing Threat Landscape
LightlessCan's emergence highlights the Lazarus Group's constant evolution and its dedication to advancing its hacking capabilities. This new backdoor malware has the potential to infiltrate organizations across various sectors, posing a significant challenge to enterprise security teams.
Countermeasures and Vigilance
Organizations must remain vigilant in the face of advanced cyber threats like LightlessCan. Implementing robust security measures, conducting regular employee training on phishing awareness, and adopting a multi-layered defense approach are crucial in mitigating the risk of infiltration.