N. Korean Hacking Group Is Targeting Security Researchers

Uploaded on 2021-04-13 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

A North Korean hacking group that targets security researchers has now created a fake offensive security firm. This firm which is believed to be state-sponsored,  has been exposed by Google's Threat Analysis Group (TAG).

The TAG, which specialises in tracking advanced persistent threat (APT) groups) has identified an on-going campaign targeting security researchers working on vulnerability research and development at different companies and organisations. 

The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security.  

On LinkedIn, two accounts have been identified impersonating recruiters for antivirus and security companies.  Google TAG, , said at the time that the North Korean cyber attackers had established a web of fake profiles on social media, including Twitter, Keybase, and LinkedIn.  "In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets," Google said. "They've used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits, and for amplifying and retweeting posts from other accounts that they control." 

When members of the group reached out to their targets, they would ask if their intended victim wanted to collaborate on cyber security research, before sending them a malicious MS Visual Studio development tool project containing a backdoor. They might also ask researchers to visit a blog laden with malicious code including browser exploits.  

In an update the TAG's Adam Weidemann said that the state-sponsored group has now changed tactics by creating a fake offensive security company "SecuriElite"with new social media profiles and a branded website. The fake company claims to be based in Turkey offering penetration testing services, software security assessments, and exploits. 

A link to a PGP public key has been added to the website. While the inclusion of PGP is standard practice as an option for secure communication, the group has used these links in the past as a means to lure their targets into visiting a page where a browser-based exploit is waiting to deploy.  

In addition, the SecuriElite 'team' has been furnished with a fresh set of fake social media profiles. The threat actors are posing as fellow security researchers, recruiters for cybersecurity firms, and in one case, the HR director of "Trend Macro" -- not to be confused with the legitimate company Trend Micro.  

Google's team linked the North Korean group with the usage of Internet Explorer zero-day in January. The company believes that it is likely they have access to more exploits and will continue to use them in the future against legitimate security researchers.  Google says they have reported all identified social media profiles to the platforms to allow them to take appropriate action.   

Google:       Google:       ZDNet:        Microsoft

You Might Also Read: 

North Korean Hackers Have Stolen $2billion:

 

« Guilty: DeepDotWeb Owner Confesses
Iran Nuclear Plant Hit By Cyber Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

CloudAlly

CloudAlly

CloudAlly provides online cloud to cloud backup and recovery solutions, which backs up daily changes in your SaaS to unlimited Amazon S3 storage and makes it available for restore or export.

StormWall

StormWall

StormWall is an Anti-DDoS protection service for websites and networks. We offer 100% protection from all types of DDoS attacks and 24/7 technical support.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

HyperQube

HyperQube

HyperQube is a “cyber range as a service” offering that enables enterprises to quickly and easily build an exact copy of any IT infrastructure.

NFIR

NFIR

NFIR is a specialist in the field of cyber security incident response and digital forensics.

Nakivo

Nakivo

Nakivo provides fast, reliable, and affordable VM backup, replication, and disaster recovery solutions for VMware, Nutanix AHV, AWS EC2.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

XS Matrix Security Solutions

XS Matrix Security Solutions

XS Matrix provide solutions to detect, measure and take effective actions against unnecessary or conflicting access rights.

SHe CISO Exec

SHe CISO Exec

SHe CISO Exec is a sustainable global training and mentoring platform in information security and leadership.

Synergy Infosec

Synergy Infosec

Synergy Infosec offer companies a combination of intelligent tools that identify their security vulnerabilities and eliminate them for good.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Sunday Cyber

Sunday Cyber

Sunday is a personal cybersecurity platform, built to protect the world’s top executive teams beyond the enterprise perimeter.