Researchers at Google LLC’s Threat Analysis Group warn that North Korean hackers are targeting security researchers with a fake company called “SecuriElite.” The hackers even have a website and social media profiles for the phony company.
The initial report from January warned that the North Korean Advanced Persistent Threat (APT) group targeted security researchers, in particular those working on vulnerability research and development.
The campaign saw the North Korean hackers create a Twitter account and maintain a research blog to build credibility and better establish connections with security researchers. The blog included analyses and writeups of various vulnerabilities, as well as guest posts from legitimate security researchers who had themselves been tricked into believing they were writing articles for a legitimate website.
The blog was only the beginning of what the hackers had planned. The SecuriElite website claims to be a Turkish cybersecurity company offering software security assessments, penetration testing, and exploits for researchers. The website also includes a PGP public key that researchers can use to send secure messages to the group. This PGP key is also on the blog.
The fake social media profiles are similar to the ones created earlier in the year and include links to fake profiles on LinkedIn.
Rami Habal, the Chief Product Officer with Abnormal Security Corp., says that hackers are becoming “increasingly sophisticated in their approach to email attacks.” Habal says, “It’s no longer a brute-force numbers game where large volumes of mediocre lures are blasted into as many inboxes as possible. That’s because companies have gotten very good at stopping those types of attacks.”
Habal notes that attackers are taking the time to impersonate vendors, partners, and even security experts as part of their attacks. “Novel attacks like this are impossible for traditional email security technologies to detect,” he said. “That’s why today’s threat landscape requires a modern approach to email security that leverages behavioral data science to establish a clear understanding of the organization and the people sending emails.”