North Korean hackers return, target infosec researchers in new operation

In January, Google and Microsoft outed what they said were North Korean government-sponsored hackers targeting security researchers. The hackers spent weeks using fake Twitter profiles—purportedly belonging to vulnerability researchers—before unleashing an Internet Explorer zero-day and a malicious Visual Studio Project, both of which installed custom malware.

Now, the same hackers are back, a Google researcher said on Wednesday, this time with a new batch of social media profiles and a fake company that claims to offer offensive security services, including penetration testing, software security assessments, and software exploits.

Once more with feeling

The homepage for the fake company is sleek and looks no different from many legitimate security companies around the world.

The hackers also cooked up more than a dozen new social media profiles that purported to belong to recruiters for security companies, security researchers, and various employees of SecuriElite, the fake security company. The work that went into creating the profiles was fairly impressive.

Next-level trolling

My favorite is this Twitter profile of @seb_lazar, which presumably corresponds to Sebastian Lazarescue, one of the fake researchers working for the fake SecuriElite.

Security people all know that Lazarus is the name used to identify hackers backed by the North Korean government. Creating detailed Twitter and LinkedIn profiles for a researcher at your fake security company, naming him Sebastian Lazarescue, and having him retweet plenty of top-flight security researchers—some of whom work for Google—is next-level trolling.

Adam Weidemann, a researcher with Google’s Threat Analysis Group, cautions that the hackers’ previous success in luring researchers to websites hosting an IE zero-day means the group should be taken seriously.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days,” he wrote.