Hackers group Lazarus, which is linked to North Korea by the American intelligence services, has successfully attacked a Dutch defense company. Security company ESET reports this after an investigation.
It was part of a global attack on defense companies. In addition to the Netherlands, companies in Brazil, Turkey, France and Switzerland were also affected. The campaign started last year.
It has not been disclosed which Dutch company is involved. It is also unclear how deep the hackers got into the systems and whether valuable information was stolen. Dave Maasland, CEO of ESET Netherlands, cannot answer this in a comment.
Fake Amazon Recruiter
It is clear, however, how they proceeded. According to Maasland, so-called spearphishing. This means that the hackers have targeted people. The investigation shows that in 2021 employees of the defense company were approached by a person posing as a recruiter from Project Kuiper, the internet satellite project of tech giant Amazon.
The attacks are part of a global campaign targeting Europe’s aerospace and defense sectors, according to ESET. The malware that was used differed each time, but the recruitment was always done via LinkedIn, says Maasland. “A Word file was sent via that platform, supposedly with an offer from Amazon, for example. When that file was opened, it downloaded malware in the background.”
Advanced Spy Software
According to Maasland, this concerns advanced espionage software. “It gave the attacker access to the system. You can then try to break in further. You basically have a foot in the door and can then try to kick it in to get into the living room.”
Maasland cannot say which system the hackers had access to. According to him, it is generally the case that people often choose an employee with access to files that they are interested in. ESET cannot say how long the hackers have been inside. “This is the group that once stole 80 million from a bank,” says Maasland. “So they know how to go unnoticed.”
What is striking about this attack is that people use LinkedIn. “Everyone is trained not to open links in emails. But if you get an offer with a great salary, chances are people will take it up.” In the case of arms manufacturer Lockheed Martin, images from the real recruitment campaign were even used, Maasland says.
Ministry response
It is unclear to what extent the attack on the Dutch defense company has consequences for national security. A Defense Ministry spokesperson was unable to answer questions about this today.
–
