
North Korean hackers are targeting security researchers again



Google: North Korean hackers target security researchers again

Google’s Threat Analysis Group (TAG) says North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts.

The hackers also created a website for a fake company called SecuriElite (located in Turkey) that supposedly offers offensive security services, as Google’s security team focused on hunting down state-sponsored hackers discovered on March 17.

All LinkedIn and Twitter accounts created by the North Korean hackers and associated with this new campaign were reported by Google and are now disabled.

Just as in the attacks discovered in January 2021, this site also hosted the attackers’ PGP public key, which was used as bait to infect security researchers with malicious software after triggering a browser exploit when opening the page.

SecuriElite website

However, the attack was discovered in its early stages, since the SecuriElite website was not yet set up to deliver harmful payloads.

“At this time, we have not observed that the new attacker site is serving malicious content, but we have added it to Google Safebrowsing as a precaution,” said Adam Weidemann of Threat Analysis Group.

“Based on their activity, we continue to believe that these players are dangerous and probably have more 0-days.

“We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process.”

Fake online security researchers (Google)

Lazarus targets researchers with zero-day malware

In January, North Korean state hackers tracked as the Lazarus group targeted security researchers in social engineering attacks using elaborate fake “security researcher” personas on social media.

The attackers sent malicious Visual Studio projects and links to a malicious Web site hosting exploit kits designed to install backdoors on targeted researchers’ computers.

Some researchers who used fully patched Windows 10 computers running the latest version of Google Chrome were infected in the attacks, indicating that the hackers used zero-day vulnerabilities to compromise the target devices.

An additional Internet Explorer zero-day was discovered by the South Korean cyber security company ENKI after unsuccessful attacks on security researchers.

Microsoft also reported that it had tracked the attack and saw Lazarus operators send MHTML files with malicious JavaScript to researchers.

