In January 2021, Google experts warned that North Korean hackers were attacking information security specialists engaged in vulnerability research.
They used social engineering against these specialists, tried to gain their trust, and eventually lured them to malicious sites and infected their systems with malware.
Now Google writes that these attacks have resumed: the website of the fake information security firm SecuriElite was discovered, as well as its Twitter and LinkedIn accounts, which were created by the same hacker group. Allegedly, the firm is located in Turkey and is engaged in pentests, software security assessments and exploits.
The company has been linked to the earlier attacks through its use of the same PGP public key.
Apparently, the attackers followed the same scheme as before: they planned to use the social network accounts to contact information security specialists and lure them to their website, where browser exploits would be used against them to infect their machines with malware.
While the first wave of attacks exploited zero-day vulnerabilities in Google Chrome, Internet Explorer and Windows 10, the new site did not contain any malicious code.
Although the SecuriElite site was not malicious at the time of discovery, Google still added its address (securielite[.]com) to the Safe Browsing API to prevent users from reaching it even by accident. Experts also notified the social networks about the attackers' accounts, which are now blocked.
Let me remind you that I also wrote that the North Korean hack group Lazarus is interested in data on COVID-19 vaccines.