IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

North Korean hackers target security researchers with fake social media accounts

Cyber spies also set up fake Turkish security website to entice victims

North Korean hackers that targeted security researchers back in January have returned in a new attack using fake Twitter and LinkedIn social media accounts.

According to researchers at Google's Threat Analysis Group (TAG), the hackers set up a new website with associated social media profiles for a fake company called “SecuriElite” on March 17.

This fake website claimed it was “an offensive security company located in Turkey that offers pentests, software security assessments and exploits”.

The website had a link to the hackers’ PGP public key at the bottom of the page. Earlier this year, researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.

Google researchers said they hadn’t seen this new fake website serving malicious content but have added it to Google Safebrowsing as a precaution.

The hackers set up several social media accounts to pose as fellow security researchers interested in exploitation and offensive security. Researchers said that on LinkedIn, two accounts were identified as impersonating recruiters for antivirus and security companies. Since then, these profiles have been reported to the relevant social media companies to take appropriate action.

Google’s Threat Analysis Group's Adam Weidemann said his team believes that these actors are dangerous and likely have more zero-days based on their activity.

"We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process,” he added.

In January, Google’s Threat Analysis Group identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. This campaign was run by the Lazarus APT group closely linked to the North Korean regime. 

In this previous attack, hackers set up a research blog and multiple Twitter profiles to interact with potential targets to build credibility and connect with security researchers. These hackers used Twitter profiles to post links to their blog and videos of their claimed exploits, and amplify and retweet posts from other accounts they controlled.

As reported by ITPro, the Lazarus APT group has also used spear-phishing attacks targeting defense industry companies. Victims received emails with malicious Word attachments or links to them hosted on company servers. Malware in these emails gave hackers full control of the victim’s device.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Twilio account breach result of sophisticated social engineering campaign
Security

Twilio account breach result of sophisticated social engineering campaign

9 Aug 2022
Over 200,000 DrayTek routers vulnerable to total device takeover
Security

Over 200,000 DrayTek routers vulnerable to total device takeover

3 Aug 2022
Data on 69 million Neopets users stolen and listed for sale on hacker forum
Security

Data on 69 million Neopets users stolen and listed for sale on hacker forum

21 Jul 2022
What is zero trust?
network security

What is zero trust?

14 Jul 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022