The utilization of fake job offers is not a new lure in the threat landscape, though North Korea changed its approach by sending malware in malicious documents through social media in addition to email. This technique might be more effective at evading corporate defenses that scan incoming email for threats, but which lack the ability to inspect messages sent via social media. McAfee researchers did not have access to the actual messages that were being distributed but the group was utilizing the following job titles to “recruit” employees:

– F-22 Fighter Jet Program
– Defense, Space, and Security (DSS)
– Photovoltaics for space solar cells
– Aeronautics Integrated Fighter Group
– Military aircraft modernization programs

North Korea has built a dominant hacking regime despite being a small country with limited financial resources. The country focuses on intelligence stealing and financial gain, previously being linked to attacks against financial institutions, ransomware and Magecart attacks. Employees in the defense and aerospace sector have always been highly targeted. This new campaign comes at a time when government employees in the United States are less likely to be seeking jobs in the private sector as they have in the past due to COVID-19. This makes the campaign not as effective as it could have been under normal circumstances. Employees should always be aware of job scams as they are used by many threat actors. Never open documents sent through social media or email unless the sender can be verified. If a job offer comes through one of these means and cannot be confirmed, it is best to reach out to the company directly.

More information can be read here: https://www.zdnet.com/article/us-defense-and-aerospace-sectors-targeted-in-new-wave-of-north-korean-attacks/