Security researchers have recently discovered that Linux users targeted with malware in the new “Operation DreamJob” Lazarus campaign for the first time.
The group behind DreamJob deploys social engineering tactics with the guise of fake job offers as lures to compromise its targets.
Experts could reconstruct the complete sequence by tracing the chain from a false HSBC job offer in a ZIP file to the distribution of the SimplexTea Linux backdoor via an OpenDrive cloud storage account.
This North Korea-linked threat actor’s use of Linux malware in this operation is publicly mentioned for the first time. This discovery also enabled experts to confirm that Lazarus was responsible for the 3CX supply-chain attack.
