The internet just became a tad more uncertain than it was a few months ago. Or that’s what some cyber experts would have us believe. Namely, Google’s Threat Analysis Group (TAG) recently reported on a fake cybersecurity company, run by North Korean government-backed hackers, that targets security researchers.
The group’s campaign against researchers was first reported in January. Then, on March 17, Google’s TAG identified a new website and social media profiles set up for a fake company called SecuriElite. If you’re thinking that they could have been more inventive in coming up with the name, we couldn’t agree more.
Claiming to be a “cutting edge offensive security [firm],” they promise to “protect your digital data reliably.” Now, who are you going to believe, Google or some obscure, secretive North Korean-backed company? Hmmm, let us get back to you on this one.
Now, seriously, when you visit their website, Google displays a warning: “Visiting this website may harm your computer!” It also points you to Google’s Safe Browsing diagnostic page for additional information on the site.
Additionally, the company ― Google, not SecuriElite ― recommends visiting StopBadware.org to learn more about protecting yourself from harmful software online.
We at EP Wired weren’t as brave as some of our readers may be, and we did not visit the website despite the warning in capital letters. Anyone who chooses to disregard the advice of Google’s experts and loads the malicious site is in for a ride.
At the bottom of SecuriElite’s page, there is a link to their PGP public key. In January of this year, targeted researchers reported that the PGP key hosted on the attackers’ blog served as the lure to get them to visit the site, “where a browser exploit was waiting to be triggered.” A public key is a perfectly plausible thing for a security researcher to fetch, which is exactly why it works as bait: the payload is delivered by the page itself, not by the key.
Determined North Korean Hackers Targeting Security Experts
Who would expect security researchers specializing in vulnerability research and development to fall victim to hackers? Well, they usually don’t, until someone posing as an industry peer contacts them to start working together.
You read that right: the actors behind SecuriElite spent a great deal of time building their legitimacy by posing as security researchers. They established a research blog and used sock puppet Twitter profiles to amplify their reach and communicate with their targets.
Great article on the importance of listening to your intuition, even for those of us in the security business.
James Hamilton, Senior Vice President – Director of Protection Quality, GDBA
If we dare say it, they did a good job: the blog carried numerous write-ups and analyses of publicly disclosed vulnerabilities, and it even included content from unwitting, legitimate security researchers, which made the whole operation look all the more credible.
Unfortunately, some researchers were compromised simply by visiting the blog. After following a link on Twitter to a write-up hosted there, a malicious service was installed on the researcher’s system, giving the attackers access to it.
Despite all this damage, the motives behind the campaign remain unclear. One thing is certain, though: state-sponsored hackers are quickly changing gears and adjusting their methods.
Whether it’s a fake cybersecurity company run by North Korean hackers or some other sophisticated actor, you had better be on the lookout. And yes, this applies primarily to those of you working in the security industry: treat unsolicited collaboration requests from unknown “peers” with suspicion, and think twice before following their links, even to something as innocuous-looking as a PGP key.