North Korean hackers are now using a fake security company to target researchers

North Korean hackers are now using a fake security company to target researchers

Researchers at Google LLC’s Threat Analysis Group are warning that the same North Korean hackers who targeted security researchers earlier this year have now set up a new website and fake social media profiles for a fake company called “SecuriElite.”

In the initial report in January, the Google researchers warned that the North Korean Advanced Persistent Threat group was specifically targeting security researchers working on vulnerability research and development at various companies and organizations.

The campaign involved the Korean hackers establishing a research blog and multiple Twitter accounts in an effort to build credibility and connect with security researchers. The blog included writeups and analyses of vulnerabilities that have been publicly disclosed and included guest posts from legitimate security researchers who had been tricked into believing they were being published on a legitimate site.

The blog, so it would seem, was just the beginning. The SecuriElite website, described by Google Wednesday, claims to be a cybersecurity company based in Turkey that offers penetration testing, software security assessments and exploits. The website, like the blog before it, also includes a link to a PGP public key at the bottom of the page allowing security researchers to send messages to the fake company confidentially.

The new fake social member profiles are similar to those established earlier this year and notably include accounts on LinkedIn impersonating recruiters for antivirus and security companie, along with a range of fake Twitter Inc. accounts that supposedly belong to employees of the fake company.

“Malicious actors have become increasingly sophisticated in their approach to email attacks,” Rami Habal, chief product officer of business email compromise company Abnormal Security Corp., told SiliconANGLE. “It’s no longer a brut-force numbers game where large volumes of mediocre lures are blasted into as many inboxes as possible. That’s because companies have gotten very good at stopping those types of attacks.”

Habal added that instead, modern attackers are taking the time to effectively impersonate partners, vendors and in this case, a fake security company. “Novel attacks like this are impossible for traditional email security technologies to detect,” he said. “That’s why today’s threat landscape requires a modern approach to email security that leverages behavioral data science to establish a clear understanding of the organization and the people sending emails.”

Photo: fljckr/Flickr