[ad_1]
In January, Google and Microsoft revealed what they said were North Korean government-sponsored hackers targeting security researchers. Hackers spent weeks using fake Twitter profiles – allegedly owned by vulnerability researchers – before launching zero-day Internet Explorer and a malicious Visual Studio project, both of which installed custom malware.
Now the same hackers are back, a Google researcher said on Wednesday, this time with a new batch of social media profiles and a bogus company claiming to offer offensive security services, including penetration testing, ratings. software security and software exploits.
Again with the feeling
The fake company homepage is stylish and no different from the countless real security companies around the world.
The hackers also created more than a dozen new social media profiles that claimed to be recruiters for security companies, security researchers and various employees of SecuriElite, the bogus security company. The job of creating the profiles has been quite impressive.
Top level trolling
My favorite is this Twitter profile from @seb_lazar, which presumably corresponds to Sebastian Lazarescue, one of the fake researchers working for the fake SecuriElite.
Security officials all know Lazarus is the name used to identify North Korean government-backed hackers. Developing detailed Twitter and LinkedIn profiles for a researcher at your fake security company, naming him Sebastian Lazarescue and having him retweet many top security researchers, some of whom work for Google, is top-level trolling.
Adam Weidemann, a researcher with Google’s Threat Analysis group, warns that hackers’ past success in luring researchers to websites hosting zero-day IEs means the group needs to be taken seriously.
“Based on their activity, we continue to believe that these actors are dangerous and are probably older than 0 days,” he wrote.
[ad_2]
Source link