A state-sponsored cybercrime group from North Korea has kicked off a new campaign targeting cybersecurity researchers, says Google.
According to a new report from the company’s Threat Analysis Group (TAG), the attackers have created a fake offensive security company called “SecuriElite”, offering penetration testing, software security assessments and exploits.
The group also set up a whole slew of fake social media accounts across various channels, including Twitter and LinkedIn, as well as a fake website, all with the goal of establishing credibility in the cybersecurity industry.
- Here's our list of the best antivirus services around
- These are the best endpoint protection tools out there
- Check out our list of the best malware removal software
All of these techniques are designed as a lure, to get cybersecurity researchers interested in the fake company's “work”.
The website is yet to serve malicious content to anyone, Google said, but has been added to Google Safebrowsing anyway.
Distributing zero-days
According to a ZDNet report, the modus operandi is pretty clear: after setting up their online presence and establishing themselves as “experts”, the attackers reach out to their targets and offer to collaborate on cybersecurity research.
If the victim accepts, the group either sends them a malicious Visual Studio project carrying a backdoor or redirects them to a blog filled with malicious code and different browser exploits.
These are known state-sponsored actors, Google claims. The same group is said to have used a similar zero-day back in January.
All of the malicious social media accounts identified have been reported to their respective platforms, and should be taken down sooner rather than later.
- We've also built a list of the best ransomware protection services right now
Via ZDNet
