North Korean Hackers Setup Fake Cybersecurity Firm to Target Security Experts

A hacking group that is backed by the North Korean government is targeting cybersecurity researchers with malware as part of a new social engineering attack.

According to a late March report from Google's Threat Analysis Group, the hackers set up a phony security company called SecuriElite along with several social media accounts on Twitter and LinkedIn in an effort to fool researchers into visiting the company's website that was set up with a browser exploit.

TAG's Adam Weidemann said of the website that launched on March 17th, "The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits,"

Eight Twitter profiles and seven LinkedIn profiles were created for so-called employees claiming to be vulnerability researchers and HR personnel at the fake security firms. All of the profiles have since been suspended.

Additionally, Google added the purported website's URL to its Safebrowsing blocklist service to prevent anyone else from accidentally visiting the site.

Hackers set up a phony security companies with names including SecuriElite and Trend Macro. Photo Credit: Google Threat Analysis Group

The actual motive behind the attacks is still a mystery, although some suspect that the NoKo hackers may have been attempting to get a hold of zero-day research in order to use those unpatched vulnerabilities to execute future attacks on additional targets.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.