Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News
Whatsapp

North Korean hackers set up fake firm to target researchers

IANS
IANS
Meet the voice behind Indo-Asian News Service (IANS), a storyteller navigating the currents of global events with precision and depth. Crafting narratives that bridge cultures, IANS brings you the pulse of the world in every word

A North Korean government-backed hacking group has set up a new website for a fake company called “SecuriElite” to target security researchers, Google’s Threat Analysis Group has warned.

The new website claims the company is an offensive security firm located in Turkey that offers pentests, software security assessments and exploits.

This new campaign comes after Google’s Threat Analysis Group in January documented a hacking campaign by the same North Korean entity targeting security researchers working on vulnerability research and development at different companies and organizations.

In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with the potential targets.

They have used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control.

Talking about the new campaign, Google said that the new website, like previous websites set up by this actor, has a link to their PGP (which can be used to send messages confidentially) public key at the bottom of the page.

In January, the targeted researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.

“The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security,” Adam Weidemann of Google’s Threat Analysis Group said in a blog post on Wednesday.

“On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action,” Weidemann said.

Google said that it has not yet observed the new attacker website serve malicious content, but it has added it to “Google Safebrowsing” as a precaution.

The Latest

Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Recommended