Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.
Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them and then infects their organizations’ systems with custom backdoor malware.
That’s according to Google’s Threat Analysis Group (TAG), which issued a warning late Monday about a campaign it has tracked over the last several months that uses various means to interact with and attack professionals working on vulnerability research and development at multiple organizations.
North Korean Hackers Successfully Phished Cyber Researchers Using a Fake Blog
A recent phishing campaign by North Korean nation-state hackers successfully duped a number of security professionals who were involved in vulnerability research and development, according to a new report from Google’s Threat Analysis Group.
Google Warns Of Sneaky Social Engineering Hack From North Korea Targeting Security Researchers
Security researchers beware, as Google is reporting that a “government-backed entity based in North Korea” is targeting anyone working on vulnerability research and development. These attackers use several different accounts and means of communication to reach out to a target. Then, they share that they have a 0-day available for research, but it is instead just a trap ending in a compromised device.
In a report published yesterday, the Google Threat Analysis Group (TAG) announced this dangerous situation that is still developing. To build credibility, the attackers created several different Twitter accounts, which they used to interact with people, post blog links and videos, and retweet seemingly legitimate posts from accounts they own. The blog posts that were created and shared on Twitter cover simple vulnerabilities that have already been disclosed or are “guest” posts from “unwitti
North Korean state attacks legitimate security researchers
Threat researchers specialising in vulnerability research and development appear to be the target of a North Korean state-backed group
Published: 26 Jan 2021 14:30
An ongoing campaign targeting legitimate security researchers within the industry appears to be the work of a government-backed entity based in North Korea, according to a new report from Google’s Threat Analysis Group, which has been tracking the campaign for a few months.
The group members have spent time and effort building credibility as legitimate cyber security researchers themselves, setting up a research blog and using sock puppet Twitter profiles both to interact with their targets and amplify their own reach.