Talent Need Not Apply: Tradecraft and Objectives of Job-themed APT Social Engineering
Learn how threat actors use job-themed social engineering tactics to compromise organizations and individuals.
- Traditional social engineering tactics are still effective: 21% of people are likely to change jobs in the next 12 months, which makes them potential targets.
- The Lockheed Martin careers website was spoofed by Black Artemis, creating a convincing fake website.
- North Korea-based threat actor Black Artemis and YellowDev13 use AI-generated images for personas on LinkedIn and other social media platforms.
- Black Artemis targets U.S. veterans, finance, and cryptocurrency entities, while YellowDev13 targets specific individuals with job opportunities.
- Black Alicanto is a financially motivated threat actor that targets journalists and others of interest.
- Apply Talents and Careers Finder are recruitment company impersonators, with the same UK-based phone number and similar profiles.
- Threat actors use various techniques and tools, including LNK files, mshta.exe, and kabachloader, to deliver malware.
- Metadata, such as the machine ID in LNK files, can be used to detect this activity.
- Iran-based threat actors also use HR-themed social engineering tactics, targeting entities in the Middle East and Russia.
- The compromise of Web 3.0 company Axie Infinity, which resulted in a $625 million loss, has been attributed to the Lazarus Group, a North Korea-based APT.
- The US Treasury Department has released advisories about North Korean IT workers seeking jobs abroad, often under fake identities.
- Traditional antivirus software may not detect these tactics, as they are not malicious in and of themselves, but rather are used to deliver malware.
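
The LNK machine ID mentioned above can be pulled out of a shortcut's TrackerDataBlock and compared against build hostnames already seen in earlier incidents. The following is an added example, not code from the talk: the field offsets follow Microsoft's MS-SHLLINK specification, and the hostnames, file names and sample shortcuts are constructed for the demo.

```python
import struct

TRACKER_SIG = 0xA0000003  # TrackerDataBlock signature in MS-SHLLINK

def lnk_machine_id(data: bytes):
    """Return the TrackerDataBlock MachineID of a .lnk file, or None if absent."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                     # end of ShellLinkHeader
    try:
        if flags & 0x01:                         # LinkTargetIDList: 2-byte size + list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & 0x02:                         # LinkInfo: 4-byte size counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        width = 2 if flags & 0x80 else 1         # IsUnicode: UTF-16LE strings
        for bit in (0x04, 0x08, 0x10, 0x20, 0x40):  # name, relpath, workdir, args, icon
            if flags & bit:
                pos += 2 + struct.unpack_from("<H", data, pos)[0] * width
    except struct.error:
        return None                              # truncated before ExtraData
    while pos + 8 <= len(data):                  # ExtraData: size, signature, body
        size, sig = struct.unpack_from("<II", data, pos)
        if size < 8 or pos + size > len(data):
            break                                # terminal or malformed block
        if sig == TRACKER_SIG and size >= 32:
            raw = data[pos + 16:pos + 32]        # 16-byte NUL-padded NetBIOS name
            return raw.split(b"\0", 1)[0].decode("ascii", "replace").lower()
        pos += size
    return None

def match_watchlist(lnks: dict, watchlist: set) -> dict:
    """Return {filename: machine_id} for LNKs built on a watchlisted host."""
    ids = {name: lnk_machine_id(blob) for name, blob in lnks.items()}
    return {name: mid for name, mid in ids.items() if mid in watchlist}

def sample_lnk(machine: bytes, args: str = "") -> bytes:
    """Build a constructed, minimal LNK for the demo (not a real sample)."""
    flags = 0x80 | (0x20 if args else 0)
    header = struct.pack("<I16sI", 0x4C, bytes(16), flags) + bytes(52)
    strings = struct.pack("<H", len(args)) + args.encode("utf-16-le") if args else b""
    tracker = struct.pack("<IIII16s", 0x60, TRACKER_SIG, 0x58, 0, machine) + bytes(64)
    return header + strings + tracker + bytes(4)  # 4 zero bytes = terminal block

if __name__ == "__main__":
    files = {"offer.lnk": sample_lnk(b"BUILD-HOST-01", "--demo"),
             "notes.lnk": sample_lnk(b"office-pc-7")}
    print(match_watchlist(files, {"build-host-01"}))
```

The tracker block is optional and can be stripped or forged by the file's creator, so a missing or unfamiliar machine ID says nothing about whether a shortcut is benign.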