A state-sponsored cybercrime group from North Korea has kicked off a new campaign targeting cybersecurity researchers, says Google.
According to a new report from the company’s Threat Analysis Group (TAG), the attackers have created a fake offensive security company called “SecuriElite”, offering penetration testing, software security assessments and exploits.
The group also set up a whole slew of fake social media accounts across various channels, including Twitter and LinkedIn, as well as a fake website, all with the goal of establishing credibility in the cybersecurity industry.
All of these techniques are designed as a lure, to get cybersecurity researchers interested in the fake company's “work”.
The website has yet to serve malicious content to anyone, Google said, but has been added to Google Safe Browsing anyway.
According to a ZDNet report, the modus operandi is pretty clear: after setting up their online presence and establishing themselves as “experts”, the attackers reach out to their targets and offer to collaborate on cybersecurity research.
If the victim accepts, the group either sends them a malicious Visual Studio project carrying a backdoor or redirects them to a blog filled with malicious code and different browser exploits.
These are known state-sponsored actors, Google claims. The same group is said to have used a similar zero-day back in January.
All of the malicious social media accounts identified have been reported to their respective platforms, and should be taken down sooner rather than later.