Active since September 2019 and still ongoing, Operation In(ter)ception hit companies in Europe and the Middle East through fake accounts on LinkedIn that posted bogus job offers. The attacks appear to have been focused mainly on espionage, but a business email compromise attempt was also discovered.
The threat actor behind these attacks remains unknown, but ESET believes it could be linked to the infamous North Korean state-sponsored group Lazarus, based on targeting, the use of fake LinkedIn accounts, development tools, and anti-analysis methods. Furthermore, one of the observed stage 1 malware variants carried a sample of Lazarus-attributed NukeSped.
