N. Korean Hacking Group Is Targeting Security Researchers

A North Korean hacking group that targets security researchers has now created a fake offensive security firm. This firm which is believed to be state-sponsored,  has been exposed by Google's Threat Analysis Group (TAG).

The TAG, which specialises in tracking advanced persistent threat (APT) groups) has identified an on-going campaign targeting security researchers working on vulnerability research and development at different companies and organisations. 

The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security.  

On LinkedIn, two accounts have been identified impersonating recruiters for antivirus and security companies.  Google TAG, , said at the time that the North Korean cyber attackers had established a web of fake profiles on social media, including Twitter, Keybase, and LinkedIn.  "In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets," Google said. "They've used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits, and for amplifying and retweeting posts from other accounts that they control." 

When members of the group reached out to their targets, they would ask if their intended victim wanted to collaborate on cyber security research, before sending them a malicious MS Visual Studio development tool project containing a backdoor. They might also ask researchers to visit a blog laden with malicious code including browser exploits.  

In an update the TAG's Adam Weidemann said that the state-sponsored group has now changed tactics by creating a fake offensive security company "SecuriElite"with new social media profiles and a branded website. The fake company claims to be based in Turkey offering penetration testing services, software security assessments, and exploits. 

A link to a PGP public key has been added to the website. While the inclusion of PGP is standard practice as an option for secure communication, the group has used these links in the past as a means to lure their targets into visiting a page where a browser-based exploit is waiting to deploy.  

In addition, the SecuriElite 'team' has been furnished with a fresh set of fake social media profiles. The threat actors are posing as fellow security researchers, recruiters for cybersecurity firms, and in one case, the HR director of "Trend Macro" -- not to be confused with the legitimate company Trend Micro.  

Google's team linked the North Korean group with the usage of Internet Explorer zero-day in January. The company believes that it is likely they have access to more exploits and will continue to use them in the future against legitimate security researchers.  Google says they have reported all identified social media profiles to the platforms to allow them to take appropriate action.   

Google:       Google:       ZDNet:        Microsoft

You Might Also Read: 

North Korean Hackers Have Stolen $2billion:

 

« Guilty: DeepDotWeb Owner Confesses
Iran Nuclear Plant Hit By Cyber Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

RiskLens

RiskLens

RiskLens is a software company that specializes in the quantification of cybersecurity risk.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Guardea Cyberdefense

Guardea Cyberdefense

Guardea Cyberdefense is an IT services company specializing in the management of security projects, with a pool of skills selected from a network of specialized partners.

Insta Group

Insta Group

Insta are a trusted cyber security partner for security-critical companies and organizations.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

CyberSecJobs.com

CyberSecJobs.com

CyberSecJobs.com is a career site and job fair company providing services and resources to the cyber security community.

YesWeHack

YesWeHack

YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered) to identify and report vulnerabilities in their systems.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Gradient Cyber

Gradient Cyber

Gradient Cyber is a trusted cybersecurity partner specializing in small businesses and mid-market enterprises concerned about cybersecurity but lacking the staff to give it the attention it deserves.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

Prembly

Prembly

Prembly are a compliance and security infrastructure company.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

BJSS

BJSS

BJSS is an award-winning technology and engineering consultancy for business.