Wednesday, 13 March 2019 11:22

Man behind firm that linked Iran to Citrix hack revealed


Security firm Resecurity, which was in the news recently when it claimed an Iran-linked group was behind breaches of both the Australian Parliament network and multinational software company Citrix Systems, appears to be headed by a man who has worked in the security industry previously but landed in controversy over some of his media comments, the researcher who discovered his identity claims.

The man appears to be one Andrey Andreevich Komarov, aka Andrew Komarov, and he was identified by a researcher who uses the Twitter handle Deacon Blues.

iTWire verified that Komarov is part of Resecurity by calling the company early this morning AEDT — when it was about 11.30 am in Los Angeles, the city mentioned as its location on its website — only to be told that Komarov was not available.

The woman who answered the phone said a message could be passed on to Komarov. iTWire then asked if Resecurity researcher Jean-Jacques Gonçalves, who has corresponded at length with this writer for two stories, was available, but was told that he wasn't there either.

But the woman said clearly that there was no individual named Charles Yoo or Chuck Yoo – which is the name that Resecurity has given to news outlets like NBC News and The Wall Street Journal when providing information about the Citrix hack.

iTWire has requested a call back and, if anyone does call, any additional information provided will be added to this story.

On Tuesday night, Gonçalves was sent an email, asking for his reaction to the claims made by Deacon Blues. He has not responded so far.

Gonçalves was swift to respond to all previous emails sent by this writer, regarding both the Australian Parliament incident and also the criticism levelled at the company.

The email sent to Gonçalves was forwarded to Resecurity's general media email address this morning, but there has been no reply to that either.

After iTWire pointed out that the claims on Resecurity's website of supplying services to several high-profile clients like Microsoft, JPMorgan Chase and Amazon had no links, the company has now added links. The same has been done for a list of awards, the logos of which are now linked.

Resecurity has also added a number of links to press releases under a new section called News on its website. But the company still has no About page, which is found on practically all company websites.

According to Deacon Blues' tweets, Komarov previously worked for a company known as InfoArmor. That company acquired another firm known as IntelCrawler which he set up.

When Resecurity released a claim about the Citrix intrusion, some outlets like The Register and NBC News used it as source material. Deacon Blues captured a screenshot from a search for the NBC article which showed that it had changed attribution from Komarov to Yoo as seen below.

Deacon Blues outlined details of previous incidents involving claims made by Resecurity.

"Seems like the issue of who is behind @resecurity_com issue is a lot more boring than expected," he/she commented in one tweet. "It's a news jacking attempt. Founder has a history of riding the wave of news stories. A few Twitter trolls are along for the ride."

The researcher attached a screenshot of a document that he said was the initial filing made in California by Resecurity, giving the address of a rental mailbox.

He/she pointed out that Komarov had been quoted in "several media outlets, including the New York Times, Washington Post, Reuters, etc. These articles were mainly about the Target and Yahoo! hacks. In both of those cases, Komarov would land in controversy".

Deacon Blues claimed that, in the case of the Target hack, Komarov had pointed the finger at a 17-year-old as the source behind the malware that was used. But this turned out to be incorrect and Komarov's former boss had to correct the record, Deacon Blues said.

In the case of the Yahoo! breach, Komarov was said to have spotted the infiltration before it was made public. "The only problem: he never bothered to tell anyone until after it had been announced," Deacon Blues said.

After the tweet thread by Deacon Blues, some researchers have poked a bit of fun at Resecurity as shown in the tweet below:



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


