Security researchers under attack from North Korea

Attackers used fake social media profiles to target security experts, Google warns

Individuals working for Google’s Threat Analysis Group (TAG) have discovered a cyberattack campaign coming out of North Korea that appears to be targeting security researchers. The attack is broad in scope, utilizing blog posts, fake social media profiles, and email accounts to engage with the researchers.

“Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations,” Adam Weidemann, a security researcher at TAG, explained. “The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.”

Once contact had been established between the threat actor and the security researcher, an offer would be made to collaborate on a vulnerability research program. A Visual Studio Project would then be shared that would install malware on the researcher’s device.

Bad blog

It was also discovered that the North Korean hackers were deploying more than one attack method. In addition to the Visual Studio attack, they would also sometimes direct researchers to a blog hosted at “blog[.]br0vvnn[.]io” that contained malicious code.

Interestingly, some of the researchers that accessed the malware-ridden blog still got infected despite running the most up-to-date versions of Windows 10 and Google Chrome. This suggests that the cyberattackers must have employed some combination of zero-day vulnerabilities in order to infect their victims’ devices.

The Google TAG researchers have compiled a list of social media profiles used to deceive security researchers. Anyone who believes they are likely to have been affected should conduct a thorough security audit of their devices immediately.

Via ZDNet

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.
