North Korean hackers return, target infosec researchers in new operation

In January, Google and Microsoft outed what they said were North Korean government-sponsored hackers targeting security researchers. The hackers spent weeks using fake Twitter profiles—purportedly belonging to vulnerability researchers—before unleashing an Internet Explorer zero-day and a malicious Visual Studio Project, each of which installed custom malware.

Now, the same hackers are back, a Google researcher said on Wednesday, this time with a new batch of social media profiles and a fake company that claims to offer offensive security services, including penetration testing, software security assessments, and software exploits.

Once more with feeling

The homepage for the fake company is sleek and looks no different from countless real security companies all over the world.

The hackers also cooked up more than a dozen new social media profiles that purported to belong to recruiters for security companies, security researchers, and various employees of SecuriElite, the fake security company. The work that went into creating the profiles was fairly impressive.

Next-level trolling

My favourite is this Twitter profile of @seb_lazar, which presumably corresponds to Sebastian Lazarescue, one of the fake researchers working for the fake SecuriElite.

Security people all know that Lazarus is the name used to identify hackers backed by the North Korean government. Creating detailed Twitter and LinkedIn profiles for a researcher with your fake security company, naming him Sebastian Lazarescue, and having him retweet lots of top-flight security researchers—some who work for Google—is next-level trolling.

Adam Weidemann, a researcher with Google’s Threat Analysis Group, cautions that the hackers’ previous success in luring researchers to websites hosting an IE zero-day means the group should be taken seriously.

“Based on their activity, we continue to think that these actors are unsafe, and most likely have a lot more 0-days,” he wrote.
