Google security researchers are warning people to be on the lookout for a squad of sly hackers believed to be North Korean agents.
Like last year’s Twitter VIP account takeovers, the newly discovered hacking campaign, unveiled Monday, shows the effectiveness of so-called social engineering—or good old-fashioned trickery. In this case, the hackers lured victims by presenting themselves, through fake online personas, as friendly computer security pros.
The attackers sought first to establish their reputations. They did this, in part, by uploading doctored YouTube videos of supposed hacks to show off their skills. (“A careful review of the video shows the exploit is fake,” Google researchers noted.) They also blogged about the inner workings of software vulnerabilities, sometimes impersonating legitimate cybersecurity experts in “guest” author posts.