North Korean hackers attack information security specialists again

In January 2021, Google experts warned that North Korean hackers were attacking information security specialists engaged in vulnerability research.

They approached the specialists with social engineering, tried to gain their trust, and eventually lured them to malicious sites and infected their systems with malware.

"Having established contact with a specialist, the hackers invited him to work together on some research and provided access to the Visual Studio project. Of course, this project contained malicious code that infected the specialist's system with malware. The malware, which was later linked to the well-known hack group Lazarus, worked like a normal backdoor, communicating with a remote server while waiting for commands," researchers from the Google Threat Analysis Group (TAG) said.
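A Visual Studio project is an MSBuild XML file, and MSBuild will happily run whatever command a project's build events or Exec tasks name, so opening and building a project shared by a stranger is itself the execution step. The article does not say how the malicious project ran its payload; the script below is an added defensive example (not code from the article or from Google TAG) that assumes the payload rides in ordinary build events, and shows how a researcher can enumerate every build-time command in a received .vcxproj or .csproj before building it. The sample project text and the token list are constructed for the example.

```python
"""Enumerate build-time command execution in MSBuild project files (.vcxproj / .csproj).

Added defensive example, not from the article or Google TAG. It assumes the
malicious logic is launched through ordinary MSBuild build events or Exec tasks;
the article itself does not specify the mechanism. Sample input is constructed.
"""
import xml.etree.ElementTree as ET

# Elements whose <Command> child MSBuild executes as a shell command during a build.
COMMAND_ELEMENTS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
# Tasks whose Command attribute MSBuild executes as a shell command.
COMMAND_TASKS = {"Exec"}

# Constructed watch list: interpreters and download tools that rarely belong in a build step.
SUSPICIOUS_TOKENS = (
    "powershell", "-enc", "rundll32", "regsvr32", "certutil",
    "mshta", "wscript", "cscript", "bitsadmin", "curl", "wget",
)


def local_name(tag):
    """Strip the XML namespace prefix ('{uri}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(project_xml):
    """Return (kind, command) tuples for every build-time command in document order."""
    root = ET.fromstring(project_xml)
    findings = []
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in COMMAND_ELEMENTS:
            for child in elem:
                if local_name(child.tag) == "Command" and child.text and child.text.strip():
                    findings.append((name, child.text.strip()))
        elif name in COMMAND_TASKS:
            cmd = elem.get("Command")
            if cmd and cmd.strip():
                findings.append((name, cmd.strip()))
    return findings


def flag_suspicious(findings):
    """Keep only commands that mention a watch-listed interpreter or download tool."""
    flagged = []
    for kind, cmd in findings:
        lowered = cmd.lower()
        if any(token in lowered for token in SUSPICIOUS_TOKENS):
            flagged.append((kind, cmd))
    return flagged


# Constructed sample: one benign post-build copy, two build steps that launch other programs.
SAMPLE_PROJECT = """<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>powershell -nop -w hidden -enc BASE64_PLACEHOLDER</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(OutDir)\\backup\\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="rundll32 $(ProjectDir)helper.dll,Run" />
  </Target>
</Project>
"""

if __name__ == "__main__":
    found = find_build_commands(SAMPLE_PROJECT)
    for kind, cmd in found:
        print(f"[{kind}] {cmd}")
    for kind, cmd in flag_suspicious(found):
        print(f"SUSPICIOUS [{kind}] {cmd}")
```

The point of listing every command rather than only the flagged ones is that the watch list is a heuristic: a step that only invokes an innocuous-looking helper binary checked into the same repository would pass the token filter, so the full listing is what a reviewer actually reads before deciding whether to build at all, ideally inside a disposable VM with no access to the researcher's real exploit work.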

Now Google writes that these attacks have resumed: the website of the fake information security firm SecuriElite was discovered, as well as its Twitter and LinkedIn accounts, which were created by the same hacker group. Allegedly, the firm is located in Turkey and is engaged in pentests, software security assessments and exploits.

The company has been linked to past attacks by using the same PGP public key.

Apparently, the attackers acted according to the old scheme: they planned to use accounts on social networks to communicate with information security specialists in order to lure researchers to their website, where they would use browser exploits against them and infect their machines with malware.

While the first wave of attacks exploited zero-day vulnerabilities in Google Chrome, Internet Explorer and Windows 10, the new site did not contain any malicious code.

"The operation was discovered at the planning stage, and it just didn't get to exploits," Google TAG experts say.

Although the SecuriElite site was not malicious at the time of discovery, Google still added the site address (securielite[.]com) to the Safe Browsing API to prevent users from accessing it even by accident. Experts also notified social networks about the accounts of the attackers, which are now blocked.

Let me remind you that I also wrote that the North Korean hack group Lazarus is interested in data on COVID-19 vaccines.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
