North Korea continues targeting security researchers.
Google's Threat Analysis Group (TAG) has published an update on a North Korean cyberespionage campaign targeting security researchers. TAG warned in January that a threat actor was messaging researchers on various social media platforms asking to collaborate on vulnerability research. They also set up a watering hole site that posed as a phony research blog, using an Internet Explorer zero-day.
Now, Google says the actor is using a new website and social media profiles posing as a fake company called "SecuriElite." TAG writes, "The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action." Google also believes the attackers are using more zero-days.
Holiday Bear gained access to DHS emails.
The Associated Press reports that the suspected Russian hackers behind the SolarWinds attack gained access to the emails of former acting Department of Homeland Security Secretary Chad Wolf and other DHS officials. So far it doesn't appear that classified communications were compromised, but POLITICO says the number of emails stolen was in the thousands. A State Department spokesperson told POLITICO, "the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time."