Skip to main content

Update on campaign targeting security researchers

In January, the Threat Analysis Group documented a hacking campaign, which we were able to attribute to a North Korean government-backed entity, targeting security researchers. On March 17th, the same actors behind those attacks set up a new website with associated social media profiles for a fake company called “SecuriElite.”

The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits. Like previous websites we’ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page. In January, targeted researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.


Securelite website image

SecuriElite website

The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action. 


Linkedin photos

Actor controlled LinkedIn profiles

Twitter profiles

Actor controlled Twitter profiles

Tweet from SecuriElite announcing new company

Tweet from SecuriElite announcing new company

At this time, we have not observed the new attacker website serve malicious content, but we have added it to Google Safebrowsing as a precaution.

Following our January blog post, security researchers successfully identified these actors using an Internet Explorer 0-day. Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days. We encourage anyone who discovers a Chrome vulnerability to report that activity through the Chrome Vulnerabilities Rewards Program submission process.


Actor controlled sites and accounts

Fake Security Company Website:

  • www.securielite[.]com
Twitter Profiles:
  • https://twitter.com/alexjoe9983
  • https://twitter.com/BenH3mmings
  • https://twitter.com/chape2002
  • https://twitter.com/julia0235
  • https://twitter.com/lookworld0821
  • https://twitter.com/osm4nd
  • https://twitter.com/seb_lazar
  • https://twitter.com/securielite

LinkedIn Profiles:

  • SecuriElite - https://ift.tt/3m4N9wc
  • Carter Edwards, HR Director @ Trend Macro - https://ift.tt/2PIEJP5
  • Colton Perry, Security Researcher - https://ift.tt/3wg1pac
  • Evely Burton, Technical Recruiter @ Malwarebytes - https://ift.tt/3fra2bT
  • Osman Demir, CEO @ SecuriElite - https://ift.tt/31wHZ2C
  • Piper Webster, Security Researcher - https://ift.tt/2QVsjnx
  • Sebastian Lazarescue, Security Researcher @ SecuriElite - https://ift.tt/3sGuLMr

Email:

  • contact@securielite.com
  • osman@securielite.com
  • submit@securielite.com

Attacker Owned Domains:

  • bestwing[.]org
  • codebiogblog[.]com
  • coldpacific[.]com
  • cutesaucepuppy[.]com
  • devguardmap[.]org
  • hireproplus[.]com
  • hotelboard[.]org
  • mediterraneanroom[.]org
  • redeastbay[.]com
  • regclassboard[.]com
  • securielite[.]com
  • spotchannel02[.]com
  • wileprefgurad[.]net



by Adam WeidemannThreat Analysis Group via The Keyword

Comments

Post a Comment

Popular posts from this blog

certain keys on my keyboard dont work when "cold"

Hi guys, i have a Lenovo Y520-15IKBN (80WK) and certain keys on the keyboard don't work (e,g,h,8,9,Fn...) but only when the weather is cold. for example in the winter it used to work after certain amount of time when i first boot the laptop and stops working when i stop using it for a while, but now that the weather is hot it works just fine except for the first couple of minutes or when its colder. of course i do realise that it has nothing to do with the outside weather but with the temperature of the computer itself. can someone explain to me why this is happening and how it should be fixed as i cannot take it to the tech service until july even though it's still under warranty because i need it for school. ps: an external keyboard works fine. Submitted April 29, 2018 at 03:35PM by AMmej https://ift.tt/2KiQg05
Post a Comment
Read more

Old PC with a Foxconn n15235 motherboard needs drivers! Help!!

So my Pc corrupted and I had to fresh install windows on it, but now its missing 3 drivers and one of them is for the Ethernet controller! I've tried searching everywhere for the windows 7 drivers but all I seem to find are some dodgey programs saying they will install it for me. Problem is without the ethernet driver I can't bloody connect to the internet. I've been using a USB to try get some drivers on there, but they just end up being useless programmes . I'm also a bit of a noob at these things, I don't understand where to find the names of things in my PC, I've opened it up but I don't understand whats significant and what isnt. If someone has the drivers and can teach me how to install them I'd be very appreciative! Submitted April 29, 2018 at 02:47PM by darrilsteady https://ift.tt/2r76xMZ
Post a Comment
Read more