Talent Need Not Apply: Tradecraft and Objectives of Job-themed APT Social Engineering

2022-08-11 • PWC •

http://i.blackhat.com/USA-22/Thursday/US-22-Wikoff-Talent-Need-Not-Apply.pdf

#DreamJob #Inception #BlackArtemis #BlackAlicanto

Attachments

US-22-Wikoff-Talent-Need-Not-Apply.pdf (3 MB)

Thumbnail for Talent Need Not Apply: Tradecraft and Objectives of Job-themed APT Social Engineering

PwC's Black Hat USA presentation examines job-themed social engineering used by advanced threat actors, with particular attention to North Korea-linked activity tracked as Black Artemis or temp.Hermit. The material describes malicious recruiter-style lures, dream-job themes, and attachments aimed at sectors such as aerospace, defense industrial base, and manufacturing. It uses the campaign evolution to explain initial-access tradecraft, attacker motives, and recognition of social-engineering attempts that exploit employment anxiety and professional opportunity.

Indicators of Compromise

Type	Value	First Seen	Last Seen
DOMAIN	mail.daiwa-inv.com	2022-08-11	2022-08-11
DOMAIN	lm-careers.com	2022-08-11	2022-08-11
DOMAIN	ny.silvergatehr.com	2022-08-11	2022-08-11
DOMAIN	applytalents.com	2022-08-11	2022-08-11
DOMAIN	careers-finder.com	2022-08-11	2022-08-11
DOMAIN	global-job.org	2022-05-05	2022-08-11
DOMAIN	indeedus.org	2022-03-24	2022-08-11

Related Actors

Black Alicanto

PWC

Crypto Core

First seen: Sep 2021

Last seen: Apr 2023

Black Artemis

PWC

Lazarus

First seen: Mar 2020

Last seen: Apr 2023

Related Reports

2023-04-12 • 50% Match

Cyber Threats 2022: A Year in Retrospect

PWC

#Trend #SnatchCrypto #BlackDev2 #BlackArtemis #BlackAlicanto #T1140 #T1560 #T1204.002 #T1071 #T1547.001 #T1053.005 #T1059.001 #T1219 #T1574.002 #T1133 #T1557 #T1090.001 #T1560.001 #T1021.002 #T1543.003 #T1505.003 #T1048.002

Shares tags: BlackArtemis, BlackAlicanto • Same author: PWC

2021-09-08 • 50% Match

Bitcoin is silver, compromise is gold: Emerging North Korea-based threat actors on the hunt for cryptocurrency

PWC

#Cryptocurrency #Youtube #BlackDev2 #BlackArtemis #BlackAlicanto

Shares tags: BlackArtemis, BlackAlicanto • Same author: PWC

2022-04-29 • 45% Match

Cyber Threats 2021: A Year in Retrospect

PWC

#Trend #BlackBanshee #BlackAlicanto #T1082 #T1059.003 #T1090 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1112 #T1083 #T1204.001 #T1036 #T1027 #T1204.002 #T1071 #T1124 #T1204 #T1057 #T1059.005 #T1566.001 #T1547.001 #T1053.005 #T1132.001 #T1566 #T1059 #T1003 #T1105 #T1620 #T1486 #T1135 #T1078 #T1548 #T1190 #T1592 #T1049 #T1087 #T1589 #T1074.001 #T1591 #T1547 #T1068 #T1573 #T1095 #T1048 #T1608 #T1070 #T1056 #T1036.007 #T1614.001 #T1033 #T1110 #T1221 #T1132 #T1570 #T1021 #T1615 #T1482 #T1210 #T1069 #T1595 #T1039 #T1016.001

Shares tag: BlackAlicanto • Same author: PWC

2021-02-28 • 40% Match

Cyber Threats 2020: A Year in Retrospect

PWC

#AppleSeed #BlackBanshee #BlackArtemis #VeraPort #ShowState #BlackShoggoth #T1082 #T1140 #T1005 #T1070.004 #T1041 #T1083 #T1056.001 #T1036 #T1027 #T1071 #T1204 #T1057 #T1547.001 #T1566 #T1059 #T1195 #T1490 #T1486 #T1489 #T1133 #T1068 #T1221 #T1187

Shares tag: BlackArtemis • Same author: PWC

2020-09-09 • 40% Match