UPDATED 22:43 EST / APRIL 01 2021

SECURITY

North Korean hackers are now using a fake security company to target researchers

Researchers at Google LLC’s Threat Analysis Group are warning that the same North Korean hackers who targeted security researchers earlier this year have now set up a new website and fake social media profiles for a fake company called “SecuriElite.”

In the initial report in January, the Google researchers warned that the North Korean Advanced Persistent Threat group was specifically targeting security researchers working on vulnerability research and development at various companies and organizations.

The campaign involved the Korean hackers establishing a research blog and multiple Twitter accounts in an effort to build credibility and connect with security researchers. The blog included writeups and analyses of vulnerabilities that have been publicly disclosed and included guest posts from legitimate security researchers who had been tricked into believing they were being published on a legitimate site.

The blog, so it would seem, was just the beginning. The SecuriElite website, described by Google Wednesday, claims to be a cybersecurity company based in Turkey that offers penetration testing, software security assessments and exploits. The website, like the blog before it, also includes a link to a PGP public key at the bottom of the page allowing security researchers to send messages to the fake company confidentially.

The new fake social member profiles are similar to those established earlier this year and notably include accounts on LinkedIn impersonating recruiters for antivirus and security companie, along with a range of fake Twitter Inc. accounts that supposedly belong to employees of the fake company.

“Malicious actors have become increasingly sophisticated in their approach to email attacks,” Rami Habal, chief product officer of business email compromise company Abnormal Security Corp., told SiliconANGLE. “It’s no longer a brut-force numbers game where large volumes of mediocre lures are blasted into as many inboxes as possible. That’s because companies have gotten very good at stopping those types of attacks.”

Habal added that instead, modern attackers are taking the time to effectively impersonate partners, vendors and in this case, a fake security company. “Novel attacks like this are impossible for traditional email security technologies to detect,” he said. “That’s why today’s threat landscape requires a modern approach to email security that leverages behavioral data science to establish a clear understanding of the organization and the people sending emails.”

Photo: fljckr/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU