In January, Google and Microsoft outed what they said were North Korean government-sponsored hackers targeting security researchers. The hackers spent weeks using fake Twitter profiles, purportedly belonging to vulnerability researchers, before unleashing an Internet Explorer zero-day and a malicious Visual Studio project, each of which installed custom malware.
Now, the same hackers are back, a Google researcher said on Wednesday, this time with a new batch of social media profiles and a fake company that claims to provide offensive security services, including penetration testing, software security assessments, and software exploits.
Once more with feeling
The homepage for the fake company is sleek and looks no different from those of many real security companies around the world.
The hackers also cooked up more than a dozen new social media profiles that purported to belong to recruiters for security companies, security researchers, and various employees of SecuriElite, the fake security company. The work that went into creating the profiles was fairly impressive.
My favorite is this Twitter profile of @seb_lazar, which presumably corresponds to Sebastian Lazarescue, one of the fake researchers working for the fake SecuriElite.
Security people all know that Lazarus is the name used to identify hackers backed by the North Korean government. Building detailed Twitter and LinkedIn profiles for a researcher at your fake security company, naming him Sebastian Lazarescue, and having him retweet lots of top-flight security researchers, some of whom work for Google, is next-level trolling.
Adam Weidemann, a researcher with Google's Threat Analysis Group, cautions that the hackers' previous success in luring researchers to websites hosting an IE zero-day means the group should be taken seriously.
“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days,” he wrote.