Google’s Threat Analysis Group (TAG) says North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts.
The hackers also created a website for a fake company called SecuriElite (located in Turkey) that reportedly offers offensive security services. Google’s security team focused on hunting down state-sponsored hackers discovered the site on March 17.
All LinkedIn and Twitter accounts created by the North Korean hackers and associated with this new campaign were reported by Google and are now disabled.
Just as in the attacks discovered in January 2021
However, the attacks were discovered in their early stages, since the SecuriElite website was not yet set up to deliver harmful payloads.
“At this time, we have not observed that the new attacker site is serving malicious content, but we have added it to Google Safebrowsing as a precaution,” said Adam Weidemann of Threat Analysis Group.
“Based on their activity, we continue to believe that these players are dangerous and probably have more 0-days.
“We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process.”
Lazarus targets scientists with zero-day malware
In January, North Korean state hackers tracked as the Lazarus group targeted security researchers in social engineering attacks using elaborate fake “security researcher” personas on social media.
The attackers sent malicious Visual Studio projects and links to a malicious Web site hosting exploit kits designed to install backdoors on targeted researchers’ computers.
Some researchers who used fully patched Windows 10 computers running the latest version of Google Chrome were infected in the attacks, indicating that the hackers used zero-day vulnerabilities to compromise the target devices.
An additional Internet Explorer zero-day was discovered by the South Korean cyber security company ENKI after unsuccessful attacks on security researchers.