Fintechs.fi


ESET Warns of Lazarus’ New Advanced Malware ‘LightlessCan’

The Lazarus Group, a North Korean state-aligned hacking collective, has surfaced again, this time with a new tool in its arsenal: a sophisticated piece of malware known as “LightlessCan.” This article looks at what is known about LightlessCan, its implications for defenders, and the evolving landscape of cyber espionage.

The Lazarus Group has long been a persistent problem for cybersecurity teams, known for audacious attacks on targets worldwide. Its modus operandi often involves luring victims with promises of lucrative job opportunities, a social-engineering approach that has served the group well.

LightlessCan, the group’s newest malware, has drawn considerable attention in the cybersecurity community. According to Peter Kálnai, a senior malware researcher at ESET, LightlessCan is a significant advancement over its predecessor, BlindingCan. It poses a particular challenge for defenders because it can quietly execute a wide range of native Windows commands within its own framework rather than through the usual command-line tools, which helps it evade real-time monitoring solutions and post-mortem digital forensic tools.

Kálnai further notes that LightlessCan employs what he calls “execution guardrails.” The payload is encrypted in a way that allows it to be decrypted only on the intended victim’s machine, which frustrates attempts by security researchers to decrypt and analyse it elsewhere. Such protective measures make LightlessCan a formidable adversary.

One known deployment of LightlessCan was an attack on a Spanish aerospace firm. In 2022, an employee received a message from a fictitious Meta recruiter named Steve Dawson. The attackers then sent coding challenges embedded with the malware, marking the start of an espionage operation aimed at acquiring sensitive information.

The case is a stark reminder of the Lazarus Group’s capabilities and its willingness to exploit unsuspecting individuals. Over the years, North Korean hackers have stolen an estimated $3.5 billion from cryptocurrency projects, as reported by blockchain forensics firm Chainalysis in September 2022. These proceeds are believed to help fund North Korea’s nuclear missile programme, which makes the situation all the more alarming.

In addition, cybersecurity firm SentinelOne uncovered a fake job scam on LinkedIn in September 2022. The operation, dubbed “Operation Dream Job,” aimed to trap potential victims with promises of employment at Crypto.com, a well-known cryptocurrency platform. The Lazarus Group’s adaptability and persistence are evident in how it continues to refine these tactics.

On the international front, the United Nations has worked to curb North Korea’s cybercrime activities, recognising the link between stolen funds and the regime’s nuclear missile programme. This effort reflects global concern over the Lazarus Group’s activities and the need for collaborative measures to counter its espionage campaigns.

In conclusion, the emergence of LightlessCan underscores the evolving nature of the threats posed by groups like Lazarus. It is a reminder for individuals and organisations to remain vigilant, in particular against unsolicited job offers and recruiter-supplied files. As the threat landscape continues to change, so must the collective effort to defend against actors who operate in the shadows of the digital world.