The company claimed last month that an Iranian-linked entity was behind the breach of the Australian Parliament network. More recently, it claimed that the same Iranian group was responsible for the breach at multinational software company Citrix Systems.
Criticism of Resecurity's claim about the Australian Parliament hack, which was published by The Wall Street Journal and iTWire, was made on 21 February by Kevin Collier, a reporter with Buzzfeed, who cited the company's claims and then linked to an article in the Sydney Morning Herald where the counter-claim was made that China was behind the hack.
Wrote Cimpanu: "There were a lot of details around this story that kept changing last night. Then he (Gatlan) got a weird reply from the company via email. Then there was their obsession with Iran."
And Costin Raiu, a senior researcher and the head of Kaspersky Lab's Global Research and Analysis Team, said: "Some facts: the Resecurity website doesn't even have an About page. Their corporate movie has a bunch of actors talking about security but no names or titles. Their president has no work history before 2017. Of course, it may be legit, but for now it looks odd."
Added Raiu: "I'd be cautious with this story (the Citrix story on CNBC), feels like there's a lot of FUD (fear, uncertainty and doubt) surrounding it. Eg: 'Iridium broke its way into Citrix's network about 10 years ago, and has been lurking inside [...] ever since'. Then 'Citrix came under attack twice, once in December and again Monday."
Brian Bartholomew, another senior researcher from Kaspersky, said: "These Resecurity folks are really jacking some shit up lately. First they say Iran is responsible for the AU parliament hack, and now they say an Iranian group named 'Iridium' is behind the Citrix stuff."
The Resecurity website has only two research reports in its blog, about the Australian Parliament and Citrix hacks. There are claims on its website of supplying services to several high-profile clients like Microsoft, JPMorgan Chase and Amazon but the logos of these companies do not link to the clients' websites. There is also a list of awards that Resecurity claims to have won, but again the logos of these awards do not link anywhere.
Asked for his response to the criticism, Resecurity researcher Jean-Jacques Gonçalves told iTWire: "Unfortunately, we don't comment [on] such statements delivered in [the] form of 'tweets'. Moreover, they have no relation to the topic, and have minimal insight on it. We are not familiar with these wonderful gentlemen, and with interest read their communications when the time allows."
Gonçalves added: "None of them has reached out officially, besides Sergiu Gatlan, and has no relation to our company as well. We have provided an official comment only to Sergiu Gatlan through our press service, who later for some reasons said 'he has received a weird reply' (we have a copy, and documented correspondence with him, which included a kind and timely addressed recommendation to read an official statement published on our website)."
He also pointed out that Cimpanu, Gatlan and Raiu were all of Romanian ancestry — though he did not expand on the significance of this — while Raiu, Bartholomew and Eugene Kaspersky — who retweeted Collier's claims — were all from Kaspersky Labs.
Gonçalves provided links to show the Russian company had a relationship with Citrix, though he again did not expand on what he was implying.
"Probably, it may characterise the level of culture in general, but typically we don't comment such things," he said. "We wish only the best to Kaspersky Labs, understanding some challenges they had to face with in the past few years." The last statement was a reference to the issues Kaspersky Lab has faced in the US, which ended up with it losing all its business with the American public sector.
Gonçalves dismissed Collier's claims in detail, saying that only one of the three points he (Collier) had made was valid: the reference to the WSJ headline. Of the other two, he said Resecurity had a detailed blog post about the Australian hack, tying the group IRIDIUM to it. And he also contested Collier's claim about the SMH article being based on government or government-adjacent sources, saying that the article mentioned "top-level sources" who could not be in any way identified as they were not named.
He also mentioned that China had denied any involvement in the Parliament attack.
"Moreover, we have reached [out] to [the] lady [who] published this article – Latika Bourke. After our contact, it has been modified several times (starting from wrong use of our company name, and ending with 'top-level sources', who in the past 'couldn’t comment anything on the record'. In such case, on what sources she was relying is still a question. From our side, we haven’t changed a single word," he said.
The company's website was down for quite some time on Monday morning Australian time; when asked about this, Gonçalves said: "We have installed Cloudflare and you saw its cache for couple of minutes."