1 min read

North Korean-Backed Group Sets Up Fake Security Company, Google Says

Silviu STAHIE

April 05, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
North Korean-Backed Group Sets Up Fake Security Company, Google Says

Threat actors working on behalf of North Korea posed as security researchers on social media in a campaign to compromise employees of security companies, according to a Google report.

The threat actors” ability and willingness to go after security researchers only shows how serious the campaign really was. It”s not a common occurrence in the cybersecurity world, making the campaign all the more interesting.

A few months ago, Google identified a campaign targeting security researchers working on vulnerability research, which they attributed to a group working for North Korea. The attackers set up a blog, fake contacts and Twitter profiles, then posted videos and used social media to amplify their work.

Now, the group is back, but this time they set up a fake company named SecuriElite, located in Turkey. The primary modus operandi is similar, with the attackers going after the same type of targets.

“The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits,” said Threat Analysis Group”s Adam Weidemann.

“Like previous websites we”ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page. In January, targeted researchers reported that the PGP key hosted on the attacker”s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered,” he explained.

This time, the group set up a few fake LinkedIn profiles and tried to establish a legitimate company. The attackers have yet to deploy any malicious content, but Google informed LinkedIn of the fake profiles. In the previous campaign, their primary attack vector was an Internet Explorer zero-day, which likely means they have others ready to use.

Google published a complete list of actor-controlled sites and accounts.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online
Silviu STAHIE

May 13, 2022

2 min read
Mozilla Says Many Health and Prayer Apps Are Pose Security Risks Mozilla Says Many Health and Prayer Apps Are Pose Security Risks
Silviu STAHIE

May 09, 2022

2 min read
$5 Million Worth of Bored Ape NFTs Stolen by Scammers Pretending to Return Gas Fees $5 Million Worth of Bored Ape NFTs Stolen by Scammers Pretending to Return Gas Fees
Silviu STAHIE

May 05, 2022

1 min read