A state-sponsored cybercrime group in North Korea has launched a new campaign targeting cybersecurity researchers, Google says.
According to a new report from the company’s Threat Analysis Group (TAG), the attackers created a bogus offensive security company called “SecuriElite,” offering penetration testing, software security assessments and exploits.
The group has also set up a host of fake social media accounts on various channels, including Twitter and LinkedIn, as well as a fake website, all in an attempt to establish credibility in the cybersecurity industry.
All of these techniques serve as a lure, meant to interest cybersecurity researchers in the “work” of the bogus company.
The website has yet to deliver malicious content to anyone, Google said, but has been added to Google Safe Browsing anyway.
Distributing zero-days
According to a ZDNet report, the modus operandi is quite clear: after setting up their online presence and establishing themselves as “experts”, the attackers reach out to their targets and offer to collaborate on cybersecurity research.
If the victim agrees, the group sends them a malicious Visual Studio project with a backdoor or redirects them to a blog full of malicious code and various browser exploits.
They are well-known state-sponsored actors, Google claims. The same group reportedly used a similar zero-day in January.
All identified malicious social media accounts have been reported to their respective platforms and should be deleted as soon as possible.