According to researchers at Google’s Threat Analysis Group (TAG), the hackers set up a new website with associated social media profiles for a fake company called “SecuriElite” on March 17.
This fake website claimed it was “an offensive security firm situated in Turkey that gives pentests, software security assessments and exploits”.
The website had a link to the hackers’ PGP public key at the bottom of the page. Earlier this year, researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.
Google researchers said they hadn’t seen this new fake website serving malicious content but have added it to Google Safebrowsing as a precaution.
The hackers set up several social media accounts to pose as fellow security researchers interested in exploitation and offensive security. Researchers said that on LinkedIn, two accounts were identified as impersonating recruiters for antivirus and security companies. Since then, these profiles have been reported to the relevant social media companies to take appropriate action.
Google’s Threat Analysis Group’s Adam Weidemann said his team believes that these actors are dangerous and likely have more zero-days based on their activity.
“We encourage anybody who discovers a Chrome vulnerability to report that activity by means of the Chrome Vulnerabilities Rewards Program submission process,” he added.
In January, Google’s Threat Analysis Group identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. This campaign was run by the Lazarus APT group, which is closely linked to the North Korean regime.
In this earlier attack, hackers set up a research blog and several Twitter profiles to interact with potential targets, build credibility and connect with security researchers. These hackers used Twitter profiles to post links to their blog and videos of their claimed exploits, and to amplify and retweet posts from other accounts they controlled.
As reported by ITPro, the Lazarus APT group has also used spear-phishing attacks targeting defense industry companies. Victims received emails with malicious Word attachments or links to them hosted on company servers. Malware in these emails gave hackers full control of the victim’s system.