North Korean hackers used polished LinkedIn profiles to target security researchers

Hackers believed to be working on behalf of North Korea have in recent years posed as recruiters and targeted workers in a variety of industries with offers of extravagant jobs with massive salaries at big-name firms. In the past, that campaign has mostly been carried out over email, but now researchers are seeing North Korean hackers shift their phishing attempts to LinkedIn and WhatsApp.


North Korean hackers have crafted a sophisticated method for targeting computer security researchers, according to a two-part report released by Google’s Mandiant on Thursday. They first construct convincing profiles on the career-focused social media platform LinkedIn, then reach out to their victims with phony job offers and convince them to move the conversation over to WhatsApp, where the victims are targeted with malware.


Michael Barnhart, a principal analyst at Mandiant, describes this North Korean threat actor as “one of the more skilled groups coming out of this closed off nation,” and in targeting security researchers, the group deployed a range of new tools.


The group’s activity — tracked as UNC2970 or TEMP.Hermit by Mandiant and included under the broader Lazarus umbrella by others — includes “an array of specially crafted LinkedIn accounts based on legitimate users” that are “well designed and professionally curated to mimic the identities of the legitimate users in order to build rapport and increase the likelihood of conversation and interaction,” Mandiant’s researchers said.



If the attackers were successful in shifting the conver ..
