In January, Google and also Microsoft outed what they stated was North Korean government-sponsored cyberpunks targeting protection scientists. The cyberpunks invested weeks utilizing phony Twitter accounts—allegedly coming from susceptability scientists—prior to letting loose an Internet Explorer zero-day and also a destructive Visual Studio Project, both of which mounted custom-made malware.

Now the exact same cyberpunks are back, a Google scientist stated on Wednesday, this moment with a brand-new set of social media sites accounts and also a phony business that asserts to supply offending protection solutions, consisting of infiltration screening, software application protection analyses, and also software application ventures.

Once much more with sensation

The homepage for the phony business is streamlined and also looks no various from many actual protection firms around the globe:

The cyberpunks additionally formulated greater than a lots brand-new social media sites accounts that supposed to come from employers for protection firms, protection scientists, and also different workers of SecuriElite, the phony protection business. The job that entered into developing the accounts was rather excellent.

Next-degree trolling

My fave is this Twitter account of @seb_lazar, which most likely represents Sebastian Lazarescue, among the phony scientists helping the phony SecuriElite:

Security individuals all understand that Lazarus is the name utilized to determine cyberpunks backed by the North Korean federal government. Developing thorough Twitter and also ConnectedIn accounts for a scientist with your phony protection business, calling him Sebastian Lazarescue, and also having him retweeting great deals of top-flight protection scientists—some that benefit Google—is next-level trolling.

Adam Weidemann, a scientist with Google’s Threat Analysis Group, warns that the cyberpunks’ previous success in drawing scientists to internet sites organizing an IE zero-day indicates the team must be taken seriously.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days,” he composed.



Source arstechnica.com