Original Release Date: 2/4/2021
Google’s Threat Analysis Group (TAG) identified an ongoing social engineering campaign targeting cybersecurity researchers, specifically those who focus on vulnerability research and development. The campaign, assessed to be the work of a North Korean (DPRK) state-sponsored threat group, has been ongoing for several months. TAG observed the DPRK threat actors launching vulnerability research blogs, posting fake proof-of-concept (POC) exploits on YouTube, and creating various social media profiles to establish credibility and reputation among potential targets. Attack vectors included socially engineering victims into visiting a malicious website or into installing malware when loading collaboration project applications.
Threat actors often use social media to gain users' trust, spread misinformation to stir unrest, or embed malicious advertisements. The FBI released a Public Service Announcement identifying the reach of Iranian cyber threat actors targeting and threatening US election officials, while further fueling civil unrest. This type of foreign interference has been observed across various social media platforms. Researcher Andrea Downing identified threats facing various social media groups, such as military populations, and informed Facebook of the targeted advertisements. Additionally, Tech Transparency Project researchers found that ads for military equipment were displayed alongside content that suggested election misinformation. “Targeted ads could allow malevolent individuals to use the lingo, embed themselves favorably, and manipulate service members,” states cyber intelligence subject matter expert Bill Hagstead.
The NJCCIC recommends that users set stringent security settings for social media accounts and critically evaluate the sources of information they consume, seeking out reliable and verified information. Additionally, we suggest cybersecurity researchers consider compartmentalizing research activities on a separate device to minimize exposure. Lastly, we advise incorporating these scenarios into tabletop exercises and active defense plans. Further reporting can be found in the Rapid7 article and the Homeland Security Today article. Additional recommendations are provided in the NJCCIC products How Big is Your Footprint? and Social Media Scams.