Thursday, April 15, 2021

Hackers Disguise Themselves as A Security Company | Total Security

A North Korean hacker group disguises itself as a fake security company and seeks contact with established security researchers to tap their knowledge in supposedly joint projects.


The Google Threat Analysis Group (TAG) has discovered a new tactic used by hackers. Threat actors, allegedly sponsored by the state and backed by the North Korean ruling party, have built a network of fake profiles on social media, including Twitter, Keybase and LinkedIn.


"In order to gain credibility and connect with security researchers, the actors set up a research blog and several Twitter profiles to interact with potential targets," said Google. "They used these Twitter profiles to post links to their blog, post videos of their alleged exploits, and to reinforce and retweet posts from other accounts they control."


Once members of the group had established credibility and a reputation in the security community, they would ask whether their intended victim would like to collaborate on vulnerability research, and then send them a malicious Visual Studio project containing a backdoor. Alternatively, they would invite the researchers to visit a blog hosting malicious code, including browser exploits.


In a March 31 update, TAG's Adam Weidemann stated that the state-sponsored group has since changed its tactics by setting up a fake offensive security company, complete with new social media profiles and a branded website.


The fake company, called "SecuriElite", was set up on March 17 under the domain secure elite [.] com. SecuriElite claims to be based in Turkey and offers penetration testing, software security assessments and exploits.


Note: Always use an authorised antivirus solution like Protegent Total Security to keep your data safe from online threats.


The website also links to a PGP public key. While offering PGP as an option for secure communication is standard practice, the group has in the past used such links to lure targets to a page where a browser-based exploit was waiting to be deployed.

In addition, the SecuriElite "team" was given a new set of fake social media profiles. The threat actors pose as friends of security researchers, as recruiters for cybersecurity companies and, in one case, as the HR manager of "Trend Macro" - not to be confused with the reputable company Trend Micro.


The Google team had already linked the North Korean group to the use of an Internet Explorer zero-day back in January. The company believes it is likely that the group has access to additional exploits and will continue to use them against reputable security researchers in the future.


"We have reported all identified social media profiles to the platforms so that they can take appropriate action," said Google. "At the time, we didn't see the new attacker website offering malicious content, but we added it to Google Safebrowsing as a precautionary measure."
