Cybercriminals are on the offensive and they’re targeting security experts

A state-sponsored cybercrime group from North Korea has kicked off a new campaign targeting cybersecurity researchers, says Google.
According to a new report from the company’s Threat Analysis Group (TAG), the attackers have created a fake offensive security company called SecuriElite, offering penetration testing, software security assessments and exploits.
The group also set up a whole slew of fake social media accounts across various channels, including Twitter and LinkedIn, as well as a fake website, all with the goal of establishing credibility in the cybersecurity industry.
All of these techniques are designed as a lure, to get cybersecurity researchers interested in the fake company’s work.
The website is yet to serve malicious content to anyone, Google said, but has been added to Google Safe Browsing anyway.
According to a ZDNet report, the modus operandi is pretty clear: after setting up their online presence and establishing themselves as experts, the attackers reach out to their targets and offer to collaborate on cybersecurity research. 
If the victim accepts, the group either sends them a malicious Visual Studio project carrying a backdoor or redirects them to a blog filled with malicious code and different browser exploits.
These are known state-sponsored actors, Google claims. The same group is said to have used a similar zero-day back in January.
All of the malicious social media accounts identified have been reported to their respective platforms, and should be taken down sooner rather than later.
Via ZDNet