The Lazarus group has been identified as the primary candidate behind attacks targeting European and Middle East aerospace and military businesses, approaching employees through LinkedIn for espionage. The attacks are well thought through and orchestrated (as you’d expect when the targets are employees of aerospace and military companies), and what better platform to use for phase 1 of an attack: innocuous connection invites from fake accounts, carrying links loaded with malicious content. The attacks are complex, and the different stages use various techniques to hide code, evade AV and use ‘living off the land’ (a great phrase) techniques to reduce the footprint of the malicious code.
This appears to be a sophisticated threat targeting the aerospace and military sector: organisations that develop, deliver, maintain and use weapon systems at, and for, state-level clients. It is a threat that may be difficult to identify and manage even for the most mature cyber-compliant organisations. I wonder how many are US defence contractors and, where appropriate, DFARS 48 CFR § 252.204-7012 compliant?