In January, Google and Microsoft released what they said were North Korean government-sponsored hackers targeting security researchers. The hackers spent weeks using fake Twitter profiles – allegedly belonging to vulnerability researchers ̵
Now the same hackers are back, a Google researcher said on Wednesday, this time with a new batch of social media profiles and a fake company claiming to offer offensive security services, including penetration testing, software security assessments and software exploitation.
Once again with feeling
The website of the fake company is elegant and does not look different from countless real security companies around the world.
The hackers also boiled up more than a dozen new profiles on social media that allegedly belonged to recruiters for security companies, security researchers and various employees of SecuriElite, the fake security company. The work of creating the profiles was quite impressive.
Next level trolling
My favorite is this Twitter profile of @seb_lazar, which probably corresponds to Sebastian Lazarescue, one of the fake researchers working for the fake SecuriElite.
Security people all know that Lazarus is the name used to identify hackers backed by the North Korean government. Developing detailed Twitter and LinkedIn profiles for a researcher at your fake security company, calling him Sebastian Lazarescue, and getting him to retweet many top security researchers – some who work for Google – is the next level of trolling.
Adam Weidemann, a researcher at Google’s Threat Analysis Group, warns that hackers’ past success in luring researchers to websites hosting an IE zero day means the group should be taken seriously.
“Based on their activity, we continue to believe that these players are dangerous, and probably have more 0-days,” he wrote.