Pretending to be security researchers themselves, this group of cybercriminals went to great lengths to make sure legitimate security researchers would fall for the attack.
Almost every scam or attack I cover here is relatively short and sweet: the bad guy sends an email that impersonates someone credible, uses a few creative malicious tactics to avoid detection, lures the recipient to a website, and the recipient becomes the victim.
But in this new scam highlighted by Google’s Threat Analysis Group, we see scammers from North Korea go to much greater lengths to establish credibility. Why? Because the intended victims are literally some of the world’s best security researchers – the folks who won’t fall for a simple scam.
Here’s how the scam unfolds:
- The threat actors establish a blog about known exploits and several Twitter handles to pass themselves off as threat researchers
- Some of the intended victims are even invited to write guest posts on the attackers’ fake blog
- The threat actors invite the targeted security researchers to collaborate on vulnerability research
- The victims are provided with a Visual Studio project that includes source code for exploiting the vulnerability they are collaborating on
- The project also includes an additional malicious DLL that allows the attackers to interact with the security researcher’s computer
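As an added defender’s check (this is example code, not part of the original post or Google’s report): before opening a project received from an outside collaborator, list what it ships beyond source files and what MSBuild would run at build time. The `.vcxproj` below is a constructed sample; `helper.dll` and the build command are placeholders standing in for the kind of extra artifact the post describes.

```python
import xml.etree.ElementTree as ET

# Extensions that have no business in a source-only collaboration project.
BINARY_EXTS = (".dll", ".exe", ".lib", ".ocx", ".sys")
# MSBuild build-event elements whose <Command> runs arbitrary shell commands.
BUILD_EVENTS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent")


def audit_vcxproj(xml_text: str) -> dict:
    """Return shipped binaries and build-time commands found in a .vcxproj."""
    root = ET.fromstring(xml_text)
    binaries, commands = [], []
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]  # strip the MSBuild XML namespace
        include = elem.get("Include", "")
        if include.lower().endswith(BINARY_EXTS):
            binaries.append((tag, include))
        if tag in BUILD_EVENTS:
            for child in elem:
                if child.tag.split("}")[-1] == "Command" and child.text:
                    commands.append((tag, child.text.strip()))
    return {"binaries": binaries, "build_commands": commands}


# Constructed sample project: one source file, one header, one extra DLL,
# and a pre-build command that executes as soon as the project is built.
SAMPLE_VCXPROJ = """<Project DefaultTargets="Build"
  xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="exploit.cpp" />
    <ClInclude Include="exploit.h" />
    <Library Include="helper.dll" />
  </ItemGroup>
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>cmd /c copy helper.dll "$(OutDir)"</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
</Project>"""

if __name__ == "__main__":
    report = audit_vcxproj(SAMPLE_VCXPROJ)
    for kind, path in report["binaries"]:
        print(f"shipped binary ({kind}): {path}")
    for event, cmd in report["build_commands"]:
        print(f"build-time command ({event}): {cmd}")
```

Run it against each project file in the archive; any shipped binary or build-time command is a reason to inspect the project in an isolated VM rather than on a research workstation.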
If you look back at these steps, four of the five are social engineering tactics used to build up credibility and remove any suspicion of foul play. It’s the same with your users, but it only takes a single email with some normal-looking cues in its content to convince them.
This story goes to show you that **everyone** needs to undergo Security Awareness Training; if the smartest, most security-focused people on the planet can be fooled, so can your users.