
North Korean Hackers Expand Targeting of Security Community

A North Korean espionage campaign targeting security researchers has taken another turn with the creation of a new fake company, website and social media accounts to lure victims, according to Google.

The tech giant’s Threat Analysis Group (TAG) first discovered the campaign back in January. At the time, the threat group launched a research blog and posted links to it via fake social media profiles on LinkedIn, Twitter and Keybase.

It then approached researchers in the cybersecurity community, asking if they wanted to collaborate on projects. Those researchers would either be sent backdoor malware or pointed to a blog site seeded with malware.

However, in mid-March, TAG analysts observed the group had launched a fake security company, ‘SecuriElite,’ with its own website.

“The new website claims the company is an offensive security company located in Turkey that offers pen-tests, software security assessments and exploits. Like previous websites we’ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page,” explained TAG’s Adam Weidemann.

“In January, targeted researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.”

Alongside the website, the North Korean group has created more fake social media profiles related to both security researchers and non-existent recruiters for AV companies. One misspells the legitimate firm Trend Micro as “Trend Macro.”

Although the fake security company site is not yet serving up malware to those who visit it, the group itself means business, Google warned.

“Following our January blog post, security researchers successfully identified these actors using an Internet Explorer zero-day. Based on their activity, we continue to believe that these actors are dangerous, and likely have more zero-days,” Weidemann concluded.

“We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process.”
