Suspected North Korean hackers are continuing to target security researchers with malware

In January 2021, Google’s Threat Analysis Group published a report detailing a cyber-espionage campaign by a North Korea-linked threat actor targeting security experts involved in vulnerability research and development at different companies and organizations. The campaign appears to be still ongoing.

The cyber-espionage operation involved the hackers using a number of tricks to gain victims’ trust, mostly by posing as researchers themselves. The attackers created their own research blogs containing analysis of vulnerabilities that had been publicly disclosed, and set up multiple Twitter profiles where they posted links to their blog and published videos of their claimed exploits.

In a new report on this threat, Google said that in March 2021 the same attackers set up a new website with associated social media profiles for a fake company called “SecuriElite,” which allegedly provided security services such as pentests, software security assessments and exploits.

This website had a link to the threat actor’s PGP public key, which in previous attacks acted as the lure to visit the malicious site containing a browser exploit.

“The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action,” Google said.

The researchers said that they have not observed the new attacker website delivering malicious content, but they have added it to Google Safe Browsing as a precaution.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days. We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process,” Google said.
