A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.
In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and LinkedIn in an attempt to trick unsuspecting researchers into visiting the company's booby-trapped website "where a browser exploit was waiting to be triggered."
"The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits," TAG's Adam Weidemann said. The website is said to have gone live on March 17.
A total of eight Twitter profiles and seven LinkedIn profiles, who claimed to be vulnerability researchers and human resources personnel at different security firms (including Trend Macro, inspired by Trend Micro), were created for this purpose, with a few others posing as the chief executive officer and employees at the fictitious company. All the accounts have since been suspended.
As a precaution, Google has added the website's URL to its Safebrowsing blocklist service to prevent accidental visits, even though the site hasn't been found to serve any malicious content.
The campaign was initially flagged by TAG in January 2021, when it came to light that the adversary had created a research blog and multiple profiles on various social media platforms such as Twitter, LinkedIn, Telegram, Discord, and Keybase in a bid to communicate with the researchers and build trust, only to deploy a Windows backdoor that came in the form of a trojanized Visual Studio Project.
Full article on https://thehackernews.com/2021/03/hackers-set-up-fake-cybersecurity-firm.html
#hacker #security #firm #northkorea #yokdata #blog