Security News > 2021 > January > Google releases alarming report about North Korean hackers posing as security analysts
Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate.
Google unveiled a new report from its Threat Analysis Group on Monday highlighting the work of a group of cyberattackers associated with the government of North Korea that sought to impersonate cybersecurity researchers in an effort to target those "Working on vulnerability research and development at different companies and organizations." Adam Weidemann, a member of the Threat Analysis Group, wrote that the attackers used a variety of fake blogs, Twitter accounts and LinkedIn profiles to make themselves look legitimate and communicate with researchers and analysts they were hoping to go after.
"The actors have been observed targeting specific security researchers by a novel social engineering method. After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project," Weidemann wrote.
"As someone they've targeted, I'm glad Google is coming out with this alert. There are so many people throughout the world seeking private intel, and if you don't know who you're talking to, work on the assumption that the name and picture you're being offered is likely not valid. The accounts of these four attackers are suspended, but really that means nothing. They'll just make up another name and be back."
SafeGuard Cyber CEO Jim Zuffoletti said attacks like this are on the rise because attackers are moving into channels of communication that "Are invisible to security teams," adding that the distributed nature of work since the onset of the COVID-19 pandemic made it imperative that security teams put better controls in place for social and chat apps.
"You know you've made it when cybercriminals are trying to gain access to your social media accounts or research," joked James McQuiggan, security awareness advocate at KnowBe4.
News URL
Related news
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- North Korean hackers stole $1.3 billion worth of crypto this year (source)
- North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin (source)
- FBI links North Korean hackers to $308 million crypto heist (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Hackers use Google Search ads to steal Google Ads accounts (source)