Apr 22, 2021 | IT North Corea north corea North-Corea Cyber Cyber Security

New threat: False data security

North Korean hackers have set up fake security companies as well as social media accounts, as part of a campaign targeting cybersecurity companies and employees to trick malware.

“Offensive Security”
The hackers have used at least two fake accounts on LinkedIn that mimic recruiters from antivirus software and security companies. One of the recruiters, "Carter Edwards", "works" in a company called "Trend Macro", which can quickly be confused with the real security company Trend Micro. The company also has its own Twitter account. Both LinkedIn and Twitter have removed the accounts permanently.

The fake business that hackers call "SecuriElite" claims to be based in Turkey and focused on offensive security, penetration testing, software security, and exploitation.

The hackers created the "company" in March 2021. Their Twitter account has only tweeted once and has only one follower.

This is not the first time North Korean hackers have set up a fake website and fake social media accounts to trick real security companies into downloading malicious software.

Associated with a country's authorities
Google previously unveiled a similar version of the campaign targeting bloggers. A seemingly legitimate security blog demonstrated the "vulnerability" of blogs or blogging platforms where bloggers could with a click find out if their blog was infected.

The fact that the hackers have revitalized the "security campaign" in recent days, indicates that they do not allow themselves to be deterred from having been exposed before. Google states without further specification that the grouping is affiliated with a country's authorities.

Pretty Good Privacy
The hackers do not appear to be targeting the SecuriElite campaign against specific targets, but on the website, they offer a link to their Pretty Good Privacy (PGP) key that is similar to the one used to distribute a browser add-on in the previous version of the offensive.

North Korean hackers have recently run a targeted campaign in which they have distributed infected Microsoft Word documents to employees of airlines and defense companies, according to McAfee.