1 April 2021

Suspected North Korean hackers are continuing to target security researchers with malware



In January 2021, Google’s Threat Analysis Group published a report detailing a cyber-espionage campaign carried out by a North Korea-linked threat actor that targeted security experts involved in vulnerability research and development at different companies and organizations. It appears that the campaign is still ongoing.

The cyber-espionage operation involved the hackers using a number of tricks to gain victims’ trust, mostly by posing as researchers themselves. The attackers created their own research blogs containing analysis of vulnerabilities that had been publicly disclosed, and set up multiple Twitter profiles where they posted links to their blog and published videos of their claimed exploits.

In a new report on this threat, Google said that in March 2021 the same attackers set up a new website with associated social media profiles for a fake company called “SecuriElite,” which allegedly provided security services, such as pentests, software security assessments and exploits.

This website had a link to the threat actor’s PGP public key, which in previous attacks acted as the lure to visit the malicious site containing a browser exploit.

“The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action,” Google said.

The researchers said that they have not observed the new attacker website deliver malicious content, but they have added it to Google Safe Browsing as a precaution.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days. We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process,” Google said.
