Beware: that dream job offer could be malware sent by Iranian hackers


  • Iranian state-sponsored actors target space professionals with fake jobs
  • The goal is to install backdoors and exfiltrate important data
  • The style mimics that of Lazarus, a well-known North Korean actor

Iranian state-sponsored hackers have been observed targeting victims in the aerospace industry with fake job offers, resulting in the deployment of the SnailResin malware, as part of their cyber espionage campaign.

Cybersecurity researchers at ClearSky revealed how the threat actor known as TA455 created fake recruitment sites and fake profiles on social media sites like LinkedIn. Then they approached their goals and had them download files as part of the onboarding process.