North Korean hackers return, target infosec researchers in new operation


In January, Google and Microsoft outed what they stated was North Korean government-sponsored hackers focusing on safety researchers. The hackers spent weeks utilizing pretend Twitter profiles—purportedly belonging to vulnerability researchers—earlier than unleashing an Internet Explorer zero-day and a malicious Visual Studio Project, each of which put in customized malware.

Now, the identical hackers are again, a Google researcher said on Wednesday, this time with a new batch of social media profiles and a pretend firm that claims to supply offensive safety companies, together with penetration testing, software program safety assessments, and software program exploits.

Once extra with feeling

The homepage for the pretend firm is modern and appears no completely different from numerous actual safety corporations all around the world.

The hackers additionally cooked up greater than a dozen new social media profiles that presupposed to belong to recruiters for safety corporations, safety researchers, and varied staff of SecuriElite, the pretend safety firm. The work that went into creating the profiles was pretty spectacular.

Next-level trolling

My favourite is that this Twitter profile of @seb_lazar, which presumably corresponds to Sebastian Lazarescue, one of many pretend researchers working for the pretend SecuriElite.

Security folks all know that Lazarus is the identify used to determine hackers backed by the North Korean authorities. Developing detailed Twitter and LinkedIn profiles for a researcher along with your pretend safety firm, naming him Sebastian Lazarescue, and having him retweeting a number of top-flight safety researchers—some who work for Google—is next-level trolling.

Adam Weidemann, a researcher with Google’s Threat Analysis Group, cautions that the hackers’ previous success in luring researchers to web sites internet hosting an IE zero-day means the group must be taken severely.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days,” he wrote.





Source link