Google's Threat Analysis Group (TAG) has reported that the very same North Korean threat actors, dubbed Zinc, that targeted security researchers back in January 2021 have engaged in a new campaign that includes the spin-up of a fake security company called SecuriElite.
SecuriElite comes complete with fake Twitter and LinkedIn accounts and aims to trick security pros into falling into a malicious cyber-espionage trap.
“On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies,” Google researchers said.
Rami Habal, Chief Product Officer, Abnormal Security said that malicious actors have become increasingly sophisticated in their approach to email attacks.
"It’s no longer a brute force numbers game where large volumes of mediocre lures are blasted into as many inboxes as possible. That’s because companies have gotten very good at stopping those types of attacks. Instead, modern attackers are taking the time to effectively impersonate partners, vendors, and in this case, a fake security company."
Google is taking precautions by adding it to the Google Safebrowsing list even though no malicious content has come out of the website itself.
Still, email attacks seems to be the real threat here.
"Novel attacks like this are impossible for traditional email security technologies to detect. That’s why today’s threat landscape requires a modern approach to email security that leverages behavioral data science to establish a clear understanding of the organization and the people sending emails," said Habal.