zCat on Nostr: TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware
A complex phishing campaign attributed to the Iranian-linked threat actor TA455 has been observed using sophisticated techniques to impersonate job recruiters on LinkedIn and other platforms.
ClearSky Cyber Security released the report today, which outlines TA455’s methods, targets and infrastructure.
The campaign, active since at least September 2023, begins with a spear phishing approach in which TA455 lures individuals with fake job offers. Using LinkedIn to gain trust, the attackers prompt victims to download a ZIP file titled “SignedConnection.zip,” which was flagged as malicious by five antivirus engines.
This ZIP file contains an EXE file designed to load malware into the victim’s system through DLL side-loading, where a malicious DLL file called “secur32[.]dll” is loaded instead of a legitimate one, allowing the attacker to run undetected code within a trusted process.
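The side-loading pattern described above is easy to hunt for in image-load telemetry: a DLL whose name belongs to Windows (here secur32[.]dll) being loaded from anywhere other than the system directories, typically from the same folder as the executable that loaded it. The following is an added detection example, not code from the report or from either news article. It runs over constructed Sysmon-style Event ID 7 records; the process name `Update.exe`, the user paths and the signing status are assumptions for illustration, not indicators from the campaign.

```python
"""Heuristic detector for DLL side-loading in image-load telemetry.

Sample records are constructed to mimic a subset of Sysmon Event ID 7
(image load) fields; they are not real telemetry from the TA455 campaign.
"""
import ntpath
from dataclasses import dataclass

# Directories from which Windows itself serves these DLLs. A file with the
# same name loaded from anywhere else is the side-loading pattern.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

# DLL names to watch. secur32.dll is the name given in the report; extend
# the set with other system DLLs relevant to your environment.
WATCHED_DLLS = {"secur32.dll"}


@dataclass(frozen=True)
class ImageLoad:
    """Subset of Sysmon Event ID 7 fields."""
    image: str         # full path of the process that loaded the module
    image_loaded: str  # full path of the DLL that was loaded
    signed: bool       # whether the DLL carried a valid Authenticode signature


def _norm(path: str) -> str:
    """Normalise a Windows path for case-insensitive comparison."""
    return path.replace("/", "\\").lower()


def sideload_reasons(ev: ImageLoad) -> list:
    """Return the reasons an image-load event looks like DLL side-loading.

    An empty list means the event is not suspicious under this heuristic.
    The primary signal is a watched DLL name loaded from outside the
    system directories; co-location with the loading EXE and a missing
    signature are corroborating signals.
    """
    loaded = _norm(ev.image_loaded)
    name = ntpath.basename(loaded)
    if name not in WATCHED_DLLS:
        return []
    loaded_dir = ntpath.dirname(loaded)
    if loaded_dir in SYSTEM_DIRS:
        return []
    reasons = [f"{name} loaded from outside the Windows system directories"]
    if loaded_dir == ntpath.dirname(_norm(ev.image)):
        reasons.append("DLL sits beside the executable that loaded it")
    if not ev.signed:
        reasons.append("DLL is unsigned")
    return reasons


def is_sideload(ev: ImageLoad) -> bool:
    return bool(sideload_reasons(ev))


def find_sideloads(events) -> list:
    """Filter a stream of image-load events down to side-loading candidates."""
    return [ev for ev in events if is_sideload(ev)]


# Constructed sample events (hypothetical paths, not campaign indicators).
SAMPLE_EVENTS = [
    # Legitimate: Explorer loading the real secur32.dll from System32.
    ImageLoad(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\secur32.dll", signed=True),
    # Legitimate 32-bit load from SysWOW64.
    ImageLoad(r"C:\Program Files (x86)\Tool\tool.exe",
              r"C:\Windows\SysWOW64\secur32.dll", signed=True),
    # Unrelated DLL with a non-watched name: ignored by the heuristic.
    ImageLoad(r"C:\Program Files\Vendor\app.exe",
              r"C:\Program Files\Vendor\helper.dll", signed=True),
    # Side-loading pattern: a watched name, unsigned, beside the EXE that
    # came out of the extracted archive. 'Update.exe' is a placeholder.
    ImageLoad(r"C:\Users\victim\Downloads\SignedConnection\Update.exe",
              r"C:\Users\victim\Downloads\SignedConnection\secur32.dll",
              signed=False),
]


if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(hit.image, "->", hit.image_loaded)
        for reason in sideload_reasons(hit):
            print("   ", reason)
```

The directory check deliberately compares the exact parent directory rather than a prefix, so a watched name dropped into a subfolder of System32 is still flagged. In production the same logic would be fed by Sysmon or EDR image-load events, and the Signed field should come from the sensor's own signature verification rather than from the DLL's embedded metadata.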
See more
Infosecurity magazine: https://www.infosecurity-magazine.com/news/ta455s-iranian-dream-job-campaign/
The Hacker News: https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html
#cybersecurity #phishing #malware