A North Korean cyber espionage group is using phishing campaigns to target employees in the US aerospace and energy sectors. North Korean APT groups have been active for many years and continue to pose a threat to global cybersecurity. Temp.Hermit (aka UNC2970) is thought to be connected to the Lazarus Group and has been active since 2022 performing phishing activities aimed at employees working in the US technology sector.
However, in 2024, they are seen posing as recruiters from well-known companies in the aerospace and energy sectors and sending out job postings laced with malware. The latest wave of attacks includes realistic profiles based on real people and real companies and improved malware.
Key Judgment 1. North Korea is highly likely to continue espionage operations with the purpose of stealing sensitive information and gathering intelligence on US critical infrastructure.
Key Judgment 2. The scope of Temp.Hermit targets will likely expand to other sectors of US critical infrastructure and defence.
Key Judgment 3. The sophistication of the Temp.Hermit techniques will likely continue to evolve and become harder to detect.
