A North Korean hacking group has created a fake offensive security firm.
For strategic context on the meaning of this activity and what business leaders should do about it see: C-Suite Considerations Regarding Current Geopolitical Tensions
The actors are believed to be sponsored by North Korea’s ruling party and were documented by Google’s Threat Analysis Group in January 2021. The attackers had set up fake profiles across social media to build credibility and connections with security researchers. The fake profiles can be seen on Twitter, Keybase, and LinkedIn.
The members reached out to their targets, asked whether they would like to collaborate on cybersecurity research, and then sent them a malicious Visual Studio project containing a backdoor. Another tactic was asking researchers to visit a blog hosting malicious code and browser exploits. On March 31, an update stated that the state-sponsored group had created a fake offensive security company with new profiles and a branded website. “SecuriElite” was set up on March 17, and the false website claims to be based in Turkey. A link to a PGP public key has been added to the website; while publishing such a link is standard practice, the group has used these links to lure targets onto websites with exploits waiting to deploy.
Read more: Google: North Korean hackers are targeting researchers through fake offensive security firm