The Lazarus APT group is leveraging social engineering tactics known as ClickFix to deceive job seekers into executing malicious code during fake video interviews. This technique aims to infiltrate devices and spread malware under the guise of legitimate recruitment processes. Tools like Validin are being used to locate associated infrastructure and mitigate the risks. Affected: job seekers, companies, cybersecurity sector
Key points:
- Lazarus APT, linked to North Korea, is employing ClickFix social engineering tactics to propagate malware.
- The campaign targets job seekers by disguising malware delivery as part of a fake job interview process.
- ClickFix presents a deceptive dialog box or error prompt that instructs the user to copy and run a command, so the victim executes the malicious code on their own device.
- The Contagious Interview campaign began in December 2022, involving actors posing as recruiters.
- During these interactions, victims are encouraged to download backdoor malware disguised as legitimate software.
- Validin is used to hunt for and identify the infrastructure connected to Lazarus APT's campaigns.
- Indicators of Compromise (IOCs) linked to this campaign are being shared for better threat detection.
MITRE Techniques:
- Tactic: Initial Access (TA0001). Procedure: ClickFix social engineering abuses the job application process to deliver malware.
- Tactic: Execution (TA0002). Procedure: users paste and run malicious code that installs malware on their devices.
- Tactic: Credential Access (TA0006). Procedure: through fake interviews, attackers aim to obtain sensitive information from candidates.
- Tactic: Command and Control (TA0011). Procedure: the installed backdoor communicates with attacker-controlled infrastructure, giving the operators persistent access.
Indicators of Compromise:
- [Domain] willointerview[.]com
- [Domain] videoscreening[.]org
- [Domain] blockchain-assess[.]com
- [Domain] app[.]videoscreening[.]org
- [Domain] www[.]talentassesspro[.]com
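The IOCs above are published defanged, and one of them (app[.]videoscreening[.]org) is a subdomain of another. The following is an added example, not code from the Validin post, showing how a defender would refang the list and sweep DNS and proxy logs for it, treating any subdomain of a listed domain as a hit. The log lines are constructed samples, not real telemetry; the domains are the ones listed on this page.

```python
"""Sweep DNS/proxy log lines for the Contagious Interview domain IOCs.

Added example; the log lines below are constructed samples and the IOC list
is the (defanged) list published above, refanged before matching.
"""
import re
from typing import Iterable, List, Optional, Set, Tuple

# IOCs exactly as published (defanged with "[.]").
IOC_DOMAINS_DEFANGED = [
    "willointerview[.]com",
    "videoscreening[.]org",
    "blockchain-assess[.]com",
    "app[.]videoscreening[.]org",
    "www[.]talentassesspro[.]com",
]


def refang(domain: str) -> str:
    """Turn a defanged indicator (example[.]com) into a matchable hostname."""
    return domain.replace("[.]", ".").strip().lower().rstrip(".")


IOC_DOMAINS: Set[str] = {refang(d) for d in IOC_DOMAINS_DEFANGED}

# Hostnames show up in DNS query names, proxy URLs and TLS SNI fields; this
# deliberately loose regex pulls every hostname-looking token out of a line.
_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def matches_ioc(hostname: str, iocs: Set[str] = IOC_DOMAINS) -> Optional[str]:
    """Return the IOC that a hostname matches, or None.

    A hostname matches if it equals an IOC or is a subdomain of one, so that
    e.g. cdn.blockchain-assess.com is caught by the blockchain-assess.com entry.
    The bare TLD is never tested as a candidate.
    """
    host = hostname.lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_logs(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, hostname, matched_ioc) for every hit in the lines."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, start=1):
        for host in _HOST_RE.findall(line):
            ioc = matches_ioc(host)
            if ioc:
                hits.append((n, host.lower(), ioc))
    return hits


# Constructed sample lines in the style of a resolver log and a web proxy log.
SAMPLE_LOGS = [
    "2025-03-04T10:12:01Z dns query client=10.0.4.17 qname=app.videoscreening.org qtype=A",
    "2025-03-04T10:12:03Z proxy client=10.0.4.17 method=GET url=https://app.videoscreening.org/interview/start status=200",
    "2025-03-04T10:15:44Z dns query client=10.0.4.22 qname=mail.google.com qtype=A",
    "2025-03-04T10:16:10Z dns query client=10.0.4.17 qname=cdn.blockchain-assess.com qtype=A",
    "2025-03-04T10:17:00Z proxy client=10.0.4.31 method=GET url=https://www.talentassesspro.com/ status=200",
]


if __name__ == "__main__":
    for line_no, host, ioc in scan_logs(SAMPLE_LOGS):
        print(f"line {line_no}: {host} matched IOC {ioc}")
```

Note the asymmetry in the published list: videoscreening[.]org is listed as a bare domain, so any subdomain of it is flagged, but talentassesspro[.]com appears only as www[.]talentassesspro[.]com, so a query for the bare domain or another subdomain would not match unless the analyst deliberately adds the parent domain to the list.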
Full Story: https://www.validin.com/blog/inoculating_contagious_interview_with_validin/