
North Korean hackers target security researchers again



Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts.

The hackers also created a website for a fake company named SecuriElite (located in Turkey) and supposedly offering offensive security services, as the Google security team focused on hunting down state-backed hackers discovered on March 17.

All LinkedIn and Twitter accounts created by the North Korean hackers and associated with this new campaign have been reported by Google and are now disabled.

Just as in the attacks detected during January 2021, this site was also hosting the attackers’ PGP public key, which was used as bait to infect security researchers with malware after triggering a browser exploit on opening the page.

SecuriElite website

However, the attacks were spotted in their early phase, since the SecuriElite site wasn’t yet set up to deliver any malicious payloads.

“Right now, we have not noticed the new attacker website serve malicious content, but we have added it to Google Safebrowsing as a precaution,” Threat Analysis Group’s Adam Weidemann said.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days.

“We encourage anyone who discovers a Chrome vulnerability to report that activity via the Chrome Vulnerabilities Rewards Program submission process.”

Lazarus targets researchers with zero-days, malware

In January, North Korean state hackers tracked as the Lazarus Group targeted security researchers in social engineering attacks using elaborate fake “security researcher” social media personas.

The attackers sent malicious Visual Studio Projects and links to a malicious website hosting exploit kits designed to install backdoors on targeted researchers’ computers.

Some researchers using fully patched Windows 10 computers and running the latest Google Chrome version were infected in the attacks, indicating that the hackers were using zero-day vulnerabilities to compromise the targets’ devices.

An additional Internet Explorer zero-day was discovered by South Korean cybersecurity firm ENKI after failed attacks on their security researchers.

Microsoft also reported that they had been tracking the attack and saw Lazarus operators sending MHTML files with malicious JavaScript to researchers.
