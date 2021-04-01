



Written by Shannon Vavra, March 31, 2021 | CyberScoop

North Korean-linked hackers have set up a fake security company and social media accounts as part of an extensive campaign targeting cybersecurity researchers with malware, according to a Google survey released Wednesday.

According to Google, the hackers used at least two fake accounts on LinkedIn to impersonate recruiters for antivirus software and security companies. One of the recruiters, named Carter Edwards, claims to work for a company named Trend Macro, a name that anyone hastily looking for a new information security job could confuse with the legitimate security company Trend Micro.

The campaign also relies on a small number of Twitter accounts.

According to Google, a fake Turkey-based company, which the hackers call Securi Elite, claims to focus on offensive security, penetration testing, software security assessments, and exploits.

According to Google, the hackers set up the apparent company in March. A Twitter account that appears to be linked to the fake company had only one tweet and one follower at press time.

This isn’t the first time these North Korean hackers have opened fake websites or social media accounts, with the goal of tricking other security researchers into downloading malware.

Google previously published details of an earlier iteration of the campaign, which boasted a seemingly legitimate security blog and offered targets the opportunity to investigate vulnerabilities with the blog owner.

In that case, Google says, even interested targets who merely clicked through to view the blog were infected, even if they were running fully patched, up-to-date versions of Windows 10 and the Chrome browser.

However, the revelation that the hackers recently set up a new arm of the campaign suggests that they do not appear to have been deterred by the previous exposure.

Google states that the hackers are linked to government-backed entities, but it has not named a specific group of attackers.

According to Google, the hackers do not appear to be using the Securi Elite part of the campaign to target researchers with malware. However, according to Google, the website provides a link to their PGP public key, a link of the kind that an earlier version of the campaign used to distribute browser exploits.

Previous campaigns targeting victims with malware leveraged Twitter, LinkedIn, Telegram, Discord, and Keybase accounts to send emails to potential victims.

Google said it has contacted LinkedIn and Twitter about the possibility of deleting the latest social media accounts discovered by the team. Both social media platforms have deleted the accounts.

A LinkedIn spokeswoman told CyberScoop that the company's terms prohibit the use of LinkedIn for criminal activity, and that it actively looks for signs of state-sponsored activity and takes immediate action against anyone with malicious intent on the platform.

All of the accounts in question have been permanently suspended for violating Twitter's rules. A Twitter spokeswoman said that if the activity could be reliably attributed to state-sponsored actors, the accounts and related content would be disclosed to the information operations archive.

According to the Ministry of Justice, some North Korean hackers disguised themselves as recruiters in 2016 and 2017 in an attempt to break into Lockheed Martin’s computer system.

According to the Israeli Ministry of Defense, hackers associated with the North Korean government, known as the Lazarus Group, targeted people working in the Israeli defense sector with fake job offers last year as part of a broader espionage campaign. North Korean hackers have also recently targeted employees of aerospace and defense companies with malicious Microsoft Word documents, according to McAfee researchers.

Update, March 31, 2021: This article has been updated to include comments from LinkedIn and Twitter.

