Multivector Attacks Demand Security Controls at the Messaging Level

As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.

In recent days, the cybersecurity community has been abuzz with discussion of the latest announcement from Google's Threat Analysis Group. Google says it has spent the past few months tracking a new campaign orchestrated by "a government-backed entity based in North Korea," thought to be the threat actor known as the Lazarus Group. The campaign targeted a number of security researchers.


There are special lessons to be learned from this campaign. The researchers were attacked in a complex, multivector fashion. To cope with this kind of attack, security and risk teams need to look beyond virtual private networks and network infrastructure to the communication channels where social engineering is taking place.


Dissecting a Multivector Attack

Google hopes its announcement will remind people to "remain vigilant when engaging with individuals they have not previously interacted with." Why? Because this campaign was not simply a spoofed email. This was a sophisticated attack, where the threat actors played the long game with social engineering and a multichannel approach:


The bad actors set up a fake research blog. Their efforts were considerable, including fake exploits and lengthy write-ups. They also set up multiple fake Twitter and YouTube accounts to amplify their pretend research.
Via this online presence, the bad actors established credibility with the online security research community.
With this credibility established, the bad actors reached out to real security researchers, suggesting that they collaborate. These communications occurred on multiple platforms: Twitter, LinkedIn, Telegram, Discord, Keybase, and email.
Once connected, the ..
