A North Korean hacking group, known to have previously targeted security researchers, has recently created a fake offensive security firm. The threat actors were first documented in January 2021, per Google’s Threat Analysis Group (TAG). The TAG specialists said that the North Korean hackers had developed a web of fake profiles on various social media platforms, among them Twitter, Keybase and LinkedIn. The group would reach out to its victims asking to collaborate on cybersecurity research. If the victim accepted, they would receive a malicious Visual Studio project that contained a backdoor. Another strategy the group used was to ask researchers to visit a blog infected with malicious code.
Google commented: “In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They’ve used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits, and for amplifying and retweeting posts from other accounts that they control.”