Hackers with links to North Korea are targeting U.S. military contractors with malware-infected files, Palo Alto Networks reports.
The hackers used methods similar to those of the Lazarus group, a collective of hackers thought to be sponsored by North Korea, which attacked Sony Pictures Entertainment. This unidentified group of hackers sent contractors malware-laced files disguised as job ads, one of which was for a management position with the Terminal High Altitude Area Defense (THAAD) system that the U.S. and South Korea are constructing now to protect against missile attacks.
"Recently, we've identified weaponized Microsoft Office Document files which use the same malicious macros as attacks from earlier this year," Anthony Kasza wrote for Palo Alto Networks. "Based on the contents of these latest decoy documents which are displayed to a victim after opening the weaponized document the attackers have switched targets from Korean language speakers to English language speakers. Most notably, decoy document themes now include job role descriptions and internal policies from US defense contractors."
The researchers at Palo Alto Networks concluded that "the group behind this campaign is either directly responsible for or has cooperated with" the Lazarus group.
The report includes an image of a "decoy document" advertising a job as "Director, Sales & BD, Mission EQuipment (sic)" in San Diego, California.
"The techniques and tactics the group uses have changed little in recent attacks," the report concludes. "Tool and infrastructure overlaps with previous campaigns are apparent. Given that the threat actors have continued operations despite their discovery and public exposure it is likely they will continue to operate and launch targeted campaigns."
© 2025 Newsmax. All rights reserved.