Hackers from the Lazarus Group are sending malware-laden files disguised as work performance review requests to employees of various organizations. Opening these files allows the malware to infiltrate the individual’s computer and the organization’s network, where it begins to collect information and control operations. Recently, Kaspersky, a cybersecurity company, warned of such attacks targeting employees of a nuclear facility in Brazil and an organization in Vietnam. The company has advised strengthening cybersecurity measures to prevent such attacks. Kaspersky shared this information in a press release on Thursday.
According to Kaspersky, the Lazarus Group’s “Operation Dreamjob” cyber attack has been ongoing for over five years. However, hackers have recently adopted new tactics to deceive internet users and launch malware attacks. According to a recent report from Kaspersky’s Global Research and Analysis Team, the hackers are currently targeting employees in technology departments of various organizations by tempting them to participate in a “skill assessment test” for free, which is actually a method to spread the CookiePlus malware.
Cybersecurity expert Sojun Ryu from Kaspersky’s Global Research and Analysis Team explained that through Operation Dreamjob, sensitive information from an organization’s systems is collected, which could potentially be used for identity theft or espionage. This makes such cyber attacks a significant security threat. Due to the use of advanced technologies and techniques, the malware’s activities are difficult to detect easily.
