
Pretending to be security researchers themselves, this group of cybercriminals went to great lengths to make sure legitimate security researchers would fall for the attack.
Almost every scam or attack I cover here is relatively short and sweet: the bad guy sends an email with some great impersonation and credibility, some creative malicious tactics are used to avoid detection, the recipient is taken to a website, and the recipient becomes the victim.
But in this new scam highlighted by Google’s Threat Analysis Group, we see scammers from North Korea go to MUCH greater lengths to establish credibility. Why? Because the intended victims are literally some of the world’s best security researchers – the folks that won’t fall for a simple scam.

- The threat actors set up a blog about known exploits and several Twitter handles to establish themselves as threat researchers
- Some of the intended victims are even invited to write guest blogs on the attacker’s fake blog
- The threat actors invited the victim security researchers to do vulnerability research together
- The victims are provided with a Visual Studio Project that includes source code for exploiting the vulnerability they are collaborating on
- The code also includes an additional malicious DLL that allowed the attackers to interact with the security researcher’s computer
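
A pre-open check a researcher could run on a Visual Studio project received from a collaborator, as an added example that is not from the original post: it lists the binaries bundled in the project tree and any commands the project files would run at build time. The page does not say how the DLL was loaded, so checking build events is an assumption about where to look, and the sample project and file names are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

BINARY_EXT = {".dll", ".exe", ".sys", ".ocx"}
PROJECT_EXT = {".vcxproj", ".csproj", ".vbproj"}
EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent"}  # MSBuild build events
# Constructed sample project, not taken from the campaign described on this page.
SAMPLE = ('<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">'
          "<ItemDefinitionGroup><PreBuildEvent><Command>call tools/prepare.cmd"
          "</Command></PreBuildEvent></ItemDefinitionGroup></Project>")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def build_commands(project_path):
    """Yield (kind, command) for each build-time command in a project file."""
    try:
        tree = ET.parse(project_path)
    except ET.ParseError:
        yield ("unparseable", "")  # flag for manual review instead of skipping
        return
    for elem in tree.iter():
        tag = local(elem.tag)
        if tag in EVENT_TAGS:
            # .vcxproj nests <Command>; .csproj puts the text directly in the element
            texts = [c.text for c in elem if local(c.tag) == "Command"] or [elem.text]
            yield from ((tag, t.strip()) for t in texts if t and t.strip())
        elif tag == "Exec" and elem.get("Command"):
            yield ("Exec", elem.get("Command").strip())

def audit_project(root_dir):
    """Return (bundled_binaries, build_commands) found under root_dir."""
    root, binaries, commands = Path(root_dir), [], []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in BINARY_EXT:
            binaries.append(rel)
        elif path.suffix.lower() in PROJECT_EXT:
            commands += [(rel, k, c) for k, c in build_commands(path)]
    return sorted(binaries), sorted(commands)

def demo():  # audits the constructed sample written to a temporary directory
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "lib").mkdir()
        (Path(d) / "lib" / "helper.dll").write_bytes(b"")
        (Path(d) / "poc.vcxproj").write_text(SAMPLE)
        return audit_project(d)
```

The script only reads files and never invokes the build, so it can be run on an unpacked archive before the project is opened in an IDE.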