1 April 2021

Suspected North Korean hackers are continuing to target security researchers with malware


In January 2021, Google’s Threat Analysis Group published a report detailing a cyber-espionage campaign carried out by a North Korea-linked threat actor that was targeting security experts involved in vulnerability research and development at different companies and organizations. It appears that the campaign is still ongoing.

The cyber-espionage operation involved the hackers using a number of tricks to gain victims’ trust, mostly by posing as researchers themselves. The attackers created their own research blogs containing analysis of vulnerabilities that had been publicly disclosed, and set up multiple Twitter profiles where they posted links to their blog and published videos of their claimed exploits.

In a new report on this threat, Google said that in March 2021 the same attackers set up a new website with associated social media profiles for a fake company called “SecuriElite,” which allegedly provided security services, such as pentests, software security assessments and exploits.

This website had a link to the threat actor’s PGP public key, which in previous attacks acted as the lure to visit the malicious site containing a browser exploit.

“The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action,” Google said.

The researchers said that they have not observed the new attacker website deliver malicious content, but they have added it to Google Safe Browsing as a precaution.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days. We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process,” Google said.
