Security News > 2021 > April > Google: North Korean APT Gearing Up to Target Security Researchers Again

The same North Korean threat actors that targeted security researchers in January appear to be readying a new campaign using a fake company that aim to lure security professionals into another cyber-espionage trap.

While researchers have seen no evidence yet of nefarious activity from attackers that leverage these web assets, it appears that attackers are gearing up to target security researchers again by the nature of the activity, according to Google TAG. Like previous websites that Google TAG has observed Zinc establish, the SecuriElite website has a link to the group's PGP public key at the bottom of the page, researchers noted.

The social-media profiles associated with SecuriElite also are suspicious, with attackers once again posing as fellow security researchers interested in exploitation and offensive security, according to Google TAG. "On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies," researchers said in the post, which includes screenshots of the profiles and a tweet from SecuriElite.

Google TAG first tracked hackers linked to North Korea targeting security researchers late last year, revealing what they learned in January.

Security researchers infected in those attacks were running fully patched and up-to-date Windows 10 and Chrome browser versions, according to TAG, which signaled that hackers likely were using zero-day vulnerabilities in their campaign.

At the time, researchers surmised that the motive behind the attacks was to uncover and steal vulnerabilities to use in North Korean APT campaigns, they said.

News URL

https://threatpost.com/north-korean-apt-security-researchers/165155/