Security News > 2021 > January > Google releases alarming report about North Korean hackers posing as security analysts
Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate.
Google unveiled a new report from its Threat Analysis Group on Monday highlighting the work of a group of cyberattackers associated with the government of North Korea that sought to impersonate cybersecurity researchers in an effort to target those "Working on vulnerability research and development at different companies and organizations." Adam Weidemann, a member of the Threat Analysis Group, wrote that the attackers used a variety of fake blogs, Twitter accounts and LinkedIn profiles to make themselves look legitimate and communicate with researchers and analysts they were hoping to go after.
"The actors have been observed targeting specific security researchers by a novel social engineering method. After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project," Weidemann wrote.
"As someone they've targeted, I'm glad Google is coming out with this alert. There are so many people throughout the world seeking private intel, and if you don't know who you're talking to, work on the assumption that the name and picture you're being offered is likely not valid. The accounts of these four attackers are suspended, but really that means nothing. They'll just make up another name and be back."
SafeGuard Cyber CEO Jim Zuffoletti said attacks like this are on the rise because attackers are moving into channels of communication that "Are invisible to security teams," adding that the distributed nature of work since the onset of the COVID-19 pandemic made it imperative that security teams put better controls in place for social and chat apps.
"You know you've made it when cybercriminals are trying to gain access to your social media accounts or research," joked James McQuiggan, security awareness advocate at KnowBe4.
News URL
Related news
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Top 5 Global Cyber Security Trends of 2023, According to Google Report (source)
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (source)
- New Google Workspace feature prevents sensitive security changes if two admins don’t approve them (source)
- Google Chrome: Security and UI Tips You Need to Know (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)
- Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
- BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023 (source)
- NSA warns of North Korean hackers exploiting weak DMARC email policies (source)