Google: North Korea is targeting security researchers
Hackers have created a fake security research blog they use to start conversations with legitimate cybersecurity professionals
Just recently, Google’s Threat Analysis Group (TAG) said North Korean hackers used multiple profiles on various social networks, such as Twitter, LinkedIn, Telegram, Discord, and Keybase, to reach out to security researchers using fake personas.
In a blog post, Adam Weidemann of Google’s Threat Analysis Group (TAG) said: “In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They’ve used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control.”
Google’s Threat Analysis Group uncovers an ongoing campaign targeting security researchers (neowin.net)
Tweets used by attackers to demonstrate previous exploits they’d discovered (Source: Google)
North Korean hackers have been targeting security researchers working on vulnerability research and development at different companies and organizations to trick them into installing backdoored software, warns Google’s Threat Analysis Group.
The group’s Monday blog post describes what it says is a monthslong attack campaign that has already notched up multiple victims.
The campaign traces to a government-backed entity based in North Korea, which has used a variety of techniques to trick researchers, Google warns. “We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.”
Government-backed hackers based in North Korea are targeting individual security researchers through a number of means including a “novel social engineering method,” Google’s Threat Analysis Group is reporting. The campaign has reportedly been ongoing for several months, and worryingly appears to exploit unpatched Windows 10 and Chrome vulnerabilities.
Although Google doesn’t say exactly what the aim of the hacking campaign is, it notes that the targets are working on “vulnerability research and development.” This suggests the attackers may be trying to learn more about non-public vulnerabilities that they can use in future state-sponsored attacks.