North Korean hackers are now using a fake security company to target researchers
Researchers at Google LLC’s Threat Analysis Group are warning that the same North Korean hackers who targeted security researchers earlier this year have now set up a new website and fake social media profiles for a fake company called “SecuriElite.”
In the initial report in January, the Google researchers warned that the North Korean Advanced Persistent Threat group was specifically targeting security researchers working on vulnerability research and development at various companies and organizations.
The campaign involved the Korean hackers establishing a research blog and multiple Twitter accounts in an effort to build credibility and connect with security researchers. The blog included writeups and analyses of vulnerabilities that have been publicly disclosed and included guest posts from legitimate security researchers who had been tricked into believing they were being published on a legitimate site.
The blog, so it would seem, was just the beginning. The SecuriElite website, described by Google Wednesday, claims to be a cybersecurity company based in Turkey that offers penetration testing, software security assessments and exploits. The website, like the blog before it, also includes a link to a PGP public key at the bottom of the page allowing security researchers to send messages to the fake company confidentially.
The new fake social media profiles are similar to those established earlier this year and notably include accounts on LinkedIn impersonating recruiters for antivirus and security companies, along with a range of fake Twitter Inc. accounts that supposedly belong to employees of the fake company.
“Malicious actors have become increasingly sophisticated in their approach to email attacks,” Rami Habal, chief product officer of business email compromise company Abnormal Security Corp., told SiliconANGLE. “It’s no longer a brute-force numbers game where large volumes of mediocre lures are blasted into as many inboxes as possible. That’s because companies have gotten very good at stopping those types of attacks.”
Habal added that instead, modern attackers are taking the time to effectively impersonate partners, vendors and in this case, a fake security company. “Novel attacks like this are impossible for traditional email security technologies to detect,” he said. “That’s why today’s threat landscape requires a modern approach to email security that leverages behavioral data science to establish a clear understanding of the organization and the people sending emails.”