Iranian Hackers Target Aerospace Sector with Malware Campaign

Iranian Hackers Use Fake Job Offers to Spread Malware in Aerospace Sector. Iranian state-sponsored hackers, identified as TA455, are employing tactics similar to those of North Korean cybercriminals to target the aerospace industry. By creating fake job offers on LinkedIn and using malicious domains, they entice job seekers to download malware known as SnailResin. This campaign mirrors North Korean methods, including DLL side loading attacks, and utilizes Cloudflare to obscure command-and-control infrastructure, complicating detection efforts. The malware is often disguised in ZIP files labeled as job-related documents, exploiting trust-based platforms to bypass traditional security measures.