TA455 Carries Out Dream Job Campaign Against The Aerospace Industry

"ClearSky Cyber Security uncovered an ""Iranian Dream Job campaign"" by Iranian threat actor TA455 targeting the aerospace industry with fake job offers. This campaign deployed SnailResin malware which activates the SlugResin backdoor. Active since September 2023 this campaign uses LinkedIn profiles and fake recruiting sites like Careers 2 Find to lure targets distributing a ZIP file with malicious files via a website posing as a job recruitment platform. Victims are tricked into running an EXE file that side-loads a DLL to infect their systems and establish command-and-control through GitHub-stored addresses."