
Hackers have turned their attention to the researchers hunting them down


A state-sponsored cybercrime group from North Korea has kicked off a new campaign targeting cybersecurity researchers, says Google.

According to a new report from the company’s Threat Analysis Group (TAG), the attackers have created a fake offensive security company called “SecuriElite”, offering penetration testing, software security assessments and exploits. 

The group also set up a whole slew of fake social media accounts across various channels, including Twitter and LinkedIn, as well as a fake website, all with the goal of establishing credibility in the cybersecurity industry.

All of these techniques are designed as a lure to get cybersecurity researchers interested in the fake company's “work”.

The website has yet to serve malicious content to anyone, Google said, but it has been added to Google Safe Browsing anyway.

Distributing zero-days

According to a ZDNet report, the modus operandi is pretty clear: after setting up their online presence and establishing themselves as “experts”, the attackers reach out to their targets and offer to collaborate on cybersecurity research. 

If the victim accepts, the group either sends them a malicious Visual Studio project carrying a backdoor or redirects them to a blog filled with malicious code and different browser exploits.

These are known state-sponsored actors, Google claims. The same group is said to have used a similar zero-day back in January.

All of the malicious social media accounts identified have been reported to their respective platforms, and should be taken down sooner rather than later.

Via ZDNet