Iranian hackers are following a similar tactic used by North Korea in a fake job campaign targeting the aerospace industry. The operation is being orchestrated by TA455, an Iranian threat actor, and has been in action since at least September 2023. The group is associated with Iran’s Islamic Revolutionary Guard Corps (IRGC). In the attacks, job-related lures deliver backdoors to victims and distribute the SnailResin malware. The operation has been aimed at Middle Eastern aerospace industries, specifically including Israel and India. The series of attacks very similarly resembles one conducted by the Lazarus Group, a North Korean affiliated actor. 

Read more: https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html