TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware

A complex phishing campaign attributed to the Iranian-linked threat actor TA455, has been observed using sophisticated techniques to impersonate job recruiters on LinkedIn and other platforms.

ClearSky Cyber Security released the report today, which outlines TA455’s methods, targets and infrastructure.

The campaign, active since at least September 2023, begins with a spear phishing approach in which TA455 lures individuals with fake job offers. Using LinkedIn to gain trust, the attackers prompt victims to download a ZIP file titled “SignedConnection.zip,” which was flagged as malicious by five antivirus engines.

This ZIP file contains an EXE file designed to load malware into the victim’s system through DLL side-loading, where a malicious DLL file called “secur32[.]dll” is loaded instead of a legitimate one, allowing the attacker to run undetected code within a trusted process.

See more
Infosecurity magazine: https://www.infosecurity-magazine.com/news/ta455s-iranian-dream-job-campaign/

The Hackers News:
https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html

#cybersecurity #phishing #malware