Cyberattackers are impersonating a type of person who’s difficult to ignore: a recruiter saying that you’re just the right person for a new, impressive job.

At this year’s virtual ESET World conference, Jean-Ian Boutin, director of threat research at the AV provider ESET, reviewed a series of recent attempts to lure target organizations—specifically aerospace and defense companies—with bogus LinkedIn profiles and “better, high-paying” job offers.

The impersonations are believed to be cyber-espionage efforts by the North Korea-linked hacker group, Lazarus. Lazarus cyberattackers have been suspected of sending malware since at least 2014. In 2020, McAfee discovered a series of malware-containing posts meant to lure targeted defense contractors into downloading a data-gathering implant. In February of this year, Qualys revealed how the cyber-criminal group has been targeting job seekers with fake Lockheed Martin job offers.

In the cases presented by Boutin, the primary motivation of the Lazarus group appears to be the exfiltration of aerospace and defense data.

“They’re doing cyber-espionage in this field to actually try to close the technical gap that they might have in some of their technology, because they don’t have the means to acquire it,” Boutin said in a Q&A at ESET 2022 after his presentation.

Campaign season. Boutin detailed two new campaigns in his presentation, which was titled, “Worldwide Aerospace and Defense Contractors Under Attack by Lazarus”:

Sep. 2021: An attacker posing as an Amazon recruiter approached a defense contractor in the Netherlands, according to Boutin’s report (and ESET’s telemetry information). An attached job application from the Amazon faker, in fact, contained a malicious remote template.

Jan. 2022: Using a LinkedIn profile to impersonate a job recruiter from BAE Systems, an attacker targeted a defense company in Turkey. The attack used an encrypted archive known as an RAR file to send the malicious components, and the downloader payload itself was hosted on GitHub—an intriguing choice, according to Boutin. “The use of GitHub is interesting, because it just shows that the threat actor is trying to use all legitimate services and abuse them as much as they can to make their campaign as legitimate as they can be,” Boutin said during the presentation.

Read the rest here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

IT/OT convergence promises to help enterprises and infrastructure unlock the power of data analytics for everything from simplified process control to manufacturing efficiency and asset management—or that’s the dream, so long as long-standing organizational practices don’t get in the way.

While reams of incomprehensible spreadsheets and information silos can be a major headache, they’re not the only human factor to worry about. Culture clashes between office-dwelling IT teams and their OT counterparts on the factory, infrastructure, or logistics floor can also be a significant obstacle to effective integration, experts told IT Brew.

White collars vs. hard hats. One of the biggest issues is that IT and OT have different functions and incentives. In practice, this can create difficulties ranging from executive priorities to less-than-ideal collaboration between rank-and-file members of both departments.

McKinsey associate partner Michael Chang wrote in an email to IT Brew that one example is in electronics manufacturing services, where processes can be “vastly different,” such as OT’s budget falling to manufacturing business units and IT operating as a cost center with a short money leash.

“In Japan, for example, CIOs operate more independently and focus on large scale ERP [enterprise resource planning] and upgrading or migrating core tech systems, which take time to mold and shift their digital vision to put the same emphasis on IT/OT use cases,” Chang added. “Culturally, OT teams can feel that the IT team lacks operational and manufacturing expertise in order to contribute to the design of use cases, while the IT team can often feel OT is blind to the rest of the technology stack.”

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.

Today’s top IT reads.

Stat: 5,000. That’s the number of SIM cards used by a bot farm spreading Russian propaganda, which was shut down by the Security Service of Ukraine, the country’s intelligence agency. (PCMag)

Quote: “For Mac users, this means a significant boost in performance, ensuring efficient use of device resources and an optimized Teams experience even when using multiple high-resolution monitors during calls or meetings.”—a statement from Microsoft announcing an Apple silicon-compatible version of its Teams workplace and videoconferencing tool (Microsoft)

Read: Companies like Twitter are drastically altering their office plans, even closing some entirely, in response to the shift to more remote work. (Wired)

Learn: Become more data-driven with the Brew’s Business Analytics Accelerator. You’ll learn how to analyze data for better decision-making so you get buy-in for your ideas. It starts Sept. 6, so apply today!