{
	"id": "6cc984e2-8467-4665-9635-55dab55b858b",
	"created_at": "2026-04-06T00:17:17.495345Z",
	"updated_at": "2026-04-10T03:20:17.042956Z",
	"deleted_at": null,
	"sha1_hash": "a3caf794c252a6f9d669b8a777a30a24b598d0d3",
	"title": "Update on campaign targeting security researchers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45008,
	"plain_text": "Update on campaign targeting security researchers\r\nBy Adam Weidemann\r\nPublished: 2021-03-31 · Archived: 2026-04-05 19:05:06 UTC\r\nIn January, the Threat Analysis Group documented a hacking campaign, which we were able to attribute to a\r\nNorth Korean government-backed entity, targeting security researchers. On March 17th, the same actors behind\r\nthose attacks set up a new website with associated social media profiles for a fake company called “SecuriElite.”\r\nThe new website claims the company is an offensive security company located in Turkey that offers pentests,\r\nsoftware security assessments and exploits. Like previous websites we’ve seen set up by this actor, this website\r\nhas a link to their PGP public key at the bottom of the page. In January, targeted researchers reported that the PGP\r\nkey hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be\r\ntriggered.\r\nThe attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers\r\ninterested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters\r\nfor antivirus and security companies. We have reported all identified social media profiles to the platforms to\r\nallow them to take appropriate action. \r\nActor controlled LinkedIn profiles\r\nActor controlled Twitter profiles\r\nTweet from SecuriElite announcing new company\r\nAt this time, we have not observed the new attacker website serve malicious content, but we have added it to\r\nGoogle Safebrowsing as a precaution.\r\nFollowing our January blog post, security researchers successfully identified these actors using an Internet\r\nExplorer 0-day. Based on their activity, we continue to believe that these actors are dangerous, and likely have\r\nmore 0-days. We encourage anyone who discovers a Chrome vulnerability to report that activity through the\r\nChrome Vulnerabilities Rewards Program submission process.\r\nActor controlled sites and accounts\r\nFake Security Company Website:\r\nwww.securielite[.]com\r\nTwitter Profiles:\r\nhttps://twitter.com/alexjoe9983\r\nhttps://twitter.com/BenH3mmings\r\nhttps://twitter.com/chape2002\r\nhttps://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/\r\nPage 1 of 2\n\nhttps://twitter.com/julia0235\r\nhttps://twitter.com/lookworld0821\r\nhttps://twitter.com/osm4nd\r\nhttps://twitter.com/seb_lazar\r\nhttps://twitter.com/securielite\r\nLinkedIn Profiles:\r\nSecuriElite - https://www.linkedin.com/company/securielite/\r\nCarter Edwards, HR Director @ Trend Macro - https://www.linkedin.com/in/carter-edwards-a99138204/\r\nColton Perry, Security Researcher - https://www.linkedin.com/in/colton-perry-6a8059204/\r\nEvely Burton, Technical Recruiter @ Malwarebytes - https://www.linkedin.com/in/evely-burton-204b29207/\r\nOsman Demir, CEO @ SecuriElite - https://www.linkedin.com/in/osman-demir-307520209/\r\nPiper Webster, Security Researcher - https://www.linkedin.com/in/piper-webster-192676203/\r\nSebastian Lazarescue, Security Researcher @ SecuriElite - https://www.linkedin.com/in/sebastian-lazarescue-456840209/\r\nEmail:\r\ncontact@securielite.com\r\nosman@securielite.com\r\nsubmit@securielite.com\r\nAttacker Owned Domains:\r\nbestwing[.]org\r\ncodebiogblog[.]com\r\ncoldpacific[.]com\r\ncutesaucepuppy[.]com\r\ndevguardmap[.]org\r\nhireproplus[.]com\r\nhotelboard[.]org\r\nmediterraneanroom[.]org\r\nredeastbay[.]com\r\nregclassboard[.]com\r\nsecurielite[.]com\r\nspotchannel02[.]com\r\nwileprefgurad[.]net\r\nRelated stories\r\nSource: https://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/\r\nhttps://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/"
	],
	"report_names": [
		"update-campaign-targeting-security-researchers"
	],
	"threat_actors": [],
	"ts_created_at": 1775434637,
	"ts_updated_at": 1775791217,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a3caf794c252a6f9d669b8a777a30a24b598d0d3.pdf",
		"text": "https://archive.orkl.eu/a3caf794c252a6f9d669b8a777a30a24b598d0d3.txt",
		"img": "https://archive.orkl.eu/a3caf794c252a6f9d669b8a777a30a24b598d0d3.jpg"
	}
}