Google sees new trick in renewed North Korea cyber attacks
North Korean hackers using new tricks, security researchers say
{{#rendered}} {{/rendered}}
Google is seeing fresh threats from a North Korean government cyber group.
This comes after Google’s Threat Analysis Group in January documented a hacking campaign targeting cyber security researchers.
The hackers’ modus operandi is to build credibility by targeting legitimate researchers, according to Google.
{{#rendered}} {{/rendered}}
As described by Google in January, the actors set up a research blog and multiple Twitter profiles to interact with researchers and used the profiles to post links to their blog and post videos of "their claimed exploits."
"Exploit" refers to code that takes advantage of a software or security flaw.
NORTH KOREAN EDUCATION OFFICIAL REPORTEDLY EXECUTED FOR ‘ANTI-PARTY ACTIVITIES’
{{#rendered}} {{/rendered}}
The blog contained analysis of publicly disclosed cyber vulnerabilities and included "guest" posts from "unwitting legitimate security researchers," in order to "build additional credibility with other security researchers," Google said.
After reaching out to targeted researchers, the cyber actors offered to collaborate on cybersecurity research, then provided a Microsoft program, Visual Studio Project, that contained malicious code, Google said.
Google also observed several cases where targeted researchers unwittingly installed malware after visiting a blog. "Shortly thereafter, a malicious service was installed on the researcher’s system," according to Google.
{{#rendered}} {{/rendered}}
Even sophisticated researchers can fall for ploys by cyber criminals, Brian Martin, vice president of vulnerability Intelligence at Risk Based Security, told Fox News.
"While security people are the first to scream ‘don't click those links,’ they are the first to click specific links if the lure of information is there," Martin said.
On March 17, the same actors set up a new website with associated social media profiles for a fake company called "SecuriElite," according to Google’s most recent blog post on the threat.
{{#rendered}} {{/rendered}}
The website purports to represent an offensive security company based in Turkey that offers pentests (simulated cyberattacks), software security assessments and exploits. Offensive security is a more aggressive, proactive approach to protecting computer systems as opposed to traditional defensive security.
This ruse continues "the trend of posing as fellow security researchers," Google said.
CLICK HERE TO GET THE FOX NEWS APP
{{#rendered}} {{/rendered}}
"Foreign adversaries remain persistent with ever-evolving techniques to steal valuable information – either for its intrinsic value or to launch additional attacks," Matt Ashburn, Head of Strategic Initiatives at Authentic8, told Fox News.
"Thankfully, the private sector rapidly uncovered this operation, coordinated with trust and safety teams to prevent risk, and published the research to warn others," Ashburn said.
In addition to Twitter, the cyber actors have used social media such as LinkedIn, Telegram, Discord, Keybase as well as email, Google said.