Hackers backed by the North Korean government who targeted researchers in January have resurfaced this month with a fake offensive security company and social media profiles, Google has said in a blog post.
The new website for the fake company, dubbed “SecuriElite”, claims to be located in Turkey and offers pentests, software security assessments, and exploits. The website has a link to the PGP public key at the bottom of the page.
“In January, targeted researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered,” Google said.
In addition to the website, hackers used social media profiles to pose as fellow security researchers interested in exploitation and offensive security.
Google identified two accounts on LinkedIn impersonating recruiters for antivirus and security companies. The threat actors also had multiple accounts on Twitter and tweeted from the SecuriElite account, named after their fake security company, to assure people of its credibility.
“We have reported all identified social media profiles to the platforms to allow them to take appropriate action,” Google said.
“At this time, we have not observed the new attacker website serve malicious content, but we have added it to Google Safebrowsing as a precaution.”
The tech giant noted that these hackers, who used an Internet Explorer 0-day, are dangerous, and urged users who find a Chrome vulnerability to report the activity.