1 min read

North Korean-Backed Group Sets Up Fake Security Company, Google Says

Silviu STAHIE

April 05, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
North Korean-Backed Group Sets Up Fake Security Company, Google Says

Threat actors working on behalf of North Korea posed as security researchers on social media in a campaign to compromise employees of security companies, according to a Google report.

The threat actors” ability and willingness to go after security researchers only shows how serious the campaign really was. It”s not a common occurrence in the cybersecurity world, making the campaign all the more interesting.

A few months ago, Google identified a campaign targeting security researchers working on vulnerability research, which they attributed to a group working for North Korea. The attackers set up a blog, fake contacts and Twitter profiles, then posted videos and used social media to amplify their work.

Now, the group is back, but this time they set up a fake company named SecuriElite, located in Turkey. The primary modus operandi is similar, with the attackers going after the same type of targets.

“The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits,” said Threat Analysis Group”s Adam Weidemann.

“Like previous websites we”ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page. In January, targeted researchers reported that the PGP key hosted on the attacker”s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered,” he explained.

This time, the group set up a few fake LinkedIn profiles and tried to establish a legitimate company. The attackers have yet to deploy any malicious content, but Google informed LinkedIn of the fake profiles. In the previous campaign, their primary attack vector was an Internet Explorer zero-day, which likely means they have others ready to use.

Google published a complete list of actor-controlled sites and accounts.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Unknown Person Zoom-Bombs Meeting in Italian Parliament and Blasts Anime Adult Content Unknown Person Zoom-Bombs Meeting in Italian Parliament and Blasts Anime Adult Content
Silviu STAHIE

January 21, 2022

1 min read
FBI Links Diavol Ransomware to Trickbot, Offers IOCs and Mitigations FBI Links Diavol Ransomware to Trickbot, Offers IOCs and Mitigations
Filip TRUȚĂ

January 21, 2022

2 min read
Data of 500,000 already vulnerable people stolen from Red Cross Data of 500,000 already vulnerable people stolen from Red Cross
Radu CRAHMALIUC

January 20, 2022

1 min read