02 Oct 2023

LightlessCan Malware


In this incident, the threat actors assumed the guise of a recruiter affiliated with Meta (formerly Facebook) to target the company's employees. These employees were contacted through LinkedIn by the fraudulent recruiter and subsequently deceived into downloading and opening a malicious executable file. The attackers used the promise of attractive job opportunities as bait to initiate the infection chain, with the ultimate goal of compromising their targets' systems and data. The attack chain begins when the targeted individual is sent a message via LinkedIn from a fraudulent recruiter claiming to represent Meta Platforms. The attackers successfully convinced the victim to execute test files, which were hosted on a third-party cloud storage platform and named Quiz1.iso and Quiz2.iso.

Source: Enigmasoftware