Update on campaign targeting security researchers
In January, the Threat Analysis Group documented a hacking campaign, which we were able to attribute to a North Korean government-backed entity, targeting security researchers. On March 17th, the same actors behind those attacks set up a new website with associated social media profiles for a fake company called “SecuriElite.”
The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits. Like previous websites we’ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page. In January, targeted researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.
SecuriElite website
The attacker’s latest batch of social media profiles continues the trend of posing as fellow security researchers …
IoC