Google TAG warns of the group using zero-day exploits after reaching out to targets on social media.
A North Korean hacking group known to have targeted security researchers in the past has now upped its game through the creation of a fake offensive security firm. The threat actors, believed to be state-sponsored and backed by North Korea’s ruling party, were first documented by Google’s Threat Analysis Group (TAG) in January 2021. Google TAG, specialists in tracking advanced persistent threat (APT) groups, said at the time that the North Korean cyberattackers had established a web of fake profiles across social media, including Twitter, Keybase, and LinkedIn. „In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets,“ Google said. „They’ve used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits, and for amplifying and retweeting posts from other accounts that they control.
