N. Korean Hacking Group Is Targeting Security Researchers

A North Korean hacking group that targets security researchers has now created a fake offensive security firm. The firm, believed to be state-sponsored, has been exposed by Google's Threat Analysis Group (TAG).

TAG, which specialises in tracking advanced persistent threat (APT) groups, has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organisations.

The attacker's latest batch of social media profiles continues the trend of posing as fellow security researchers interested in exploitation and offensive security.

On LinkedIn, two accounts have been identified impersonating recruiters for antivirus and security companies. Google TAG said at the time that the North Korean cyber attackers had established a web of fake profiles on social media, including Twitter, Keybase, and LinkedIn. "In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets," Google said. "They've used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits, and for amplifying and retweeting posts from other accounts that they control."

When members of the group reached out to their targets, they would ask whether their intended victim wanted to collaborate on cyber security research, before sending them a malicious MS Visual Studio project containing a backdoor. They might also ask researchers to visit a blog laden with malicious code, including browser exploits.

In an update, TAG's Adam Weidemann said that the state-sponsored group has now changed tactics by creating a fake offensive security company, "SecuriElite", with new social media profiles and a branded website. The fake company claims to be based in Turkey, offering penetration testing services, software security assessments, and exploits.

A link to a PGP public key has been added to the website. While publishing a PGP key is standard practice as an option for secure communication, the group has used such links in the past as a lure to draw targets to a page where a browser-based exploit is waiting to deploy.

In addition, the SecuriElite 'team' has been furnished with a fresh set of fake social media profiles. The threat actors are posing as fellow security researchers, recruiters for cybersecurity firms, and in one case the HR director of "Trend Macro", not to be confused with the legitimate company Trend Micro.

Google's team linked the North Korean group to the use of an Internet Explorer zero-day in January. The company believes it is likely that the group has access to more exploits and will continue to use them against legitimate security researchers. Google says it has reported all identified social media profiles to the platforms so that they can take appropriate action.
