Google warns of North Korean hacking attack on security researchers


According to Google’s Threat Analysis Group, a hacking campaign targeting security researchers has been launched in recent months. North Korean state hackers are said to be behind the campaign.

The state hackers target specific security researchers and use several forms of social engineering. The group has set up a blog about vulnerabilities and created fake Twitter accounts posing as security researchers. According to Google TAG, the group uses these to build credibility with its targets.

Targeted security researchers are asked to collaborate on a vulnerability investigation. The hackers then send the target a Visual Studio project containing source code for exploiting a vulnerability, along with an additional DLL containing malware, which is executed via Visual Studio Build Events.
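Build events are ordinary MSBuild settings stored in the .vcxproj file, so a project received from a stranger can be inspected before it is ever opened or built. The following script is an added example (not code from Google or from the article) that parses a .vcxproj and lists every PreBuildEvent, PreLinkEvent and PostBuildEvent command, flagging those that launch a DLL or a script interpreter; the sample project, the payload.dll name and the regex are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# MSBuild project namespace used by .vcxproj files
MSBUILD_NS = {"m": "http://schemas.microsoft.com/developer/msbuild/2003"}
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent")
# Constructed watch-list: commands a reviewer should look at before building a third-party project
SUSPICIOUS = re.compile(
    r"rundll32|regsvr32|\.dll\b|powershell|mshta|wscript|cscript|cmd(\.exe)?\s+/c", re.I
)

def extract_build_events(vcxproj_xml: str):
    """Return (event_tag, command) for every build-event command in the project."""
    root = ET.fromstring(vcxproj_xml)
    events = []
    for tag in EVENT_TAGS:
        for cmd in root.iterfind(f".//m:{tag}/m:Command", MSBUILD_NS):
            if cmd.text and cmd.text.strip():
                events.append((tag, cmd.text.strip()))
    return events

def audit_build_events(vcxproj_xml: str):
    """Return only the build-event commands that match the suspicious patterns."""
    return [(tag, cmd) for tag, cmd in extract_build_events(vcxproj_xml)
            if SUSPICIOUS.search(cmd)]

# Constructed sample project: a PreBuildEvent loads a bundled DLL before any compilation happens,
# while the PostBuildEvent is harmless. Names are placeholders, not values from the report.
SAMPLE_VCXPROJ = """<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <ClCompile><Optimization>Disabled</Optimization></ClCompile>
    <PreBuildEvent>
      <Command>rundll32.exe "$(ProjectDir)payload.dll",Start</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>echo Build finished</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
</Project>
"""

if __name__ == "__main__":
    for tag, cmd in audit_build_events(SAMPLE_VCXPROJ):
        print(f"[!] {tag}: {cmd}")
```

Running the audit over every .vcxproj in a received archive before opening it in Visual Studio turns the build-event trick into something that is reviewed rather than silently executed.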

On their blog, the state hackers publish articles claiming to show exploits for vulnerabilities. According to Google, at least one of them is fake: an exploit for CVE-2021-1647, a recently patched vulnerability in Windows Defender. On January 14 the state hackers posted a video on Twitter and YouTube in which they supposedly demonstrated the exploit. In comments on those videos, others also noted that the video had been tampered with and that no working exploit was shown.

According to Google, several security researchers have also been compromised simply by visiting the blog. They followed a Twitter link to an article, and shortly afterwards their system was infected and the malware contacted a command and control server. The victims are said to have been running fully updated Windows 10 systems with the latest Chrome browser. Google says it does not yet know how those attacks succeeded; the attackers may have used an unknown vulnerability.

Google has published an overview of account names that are allegedly connected to the hacking campaign. The attackers use various platforms to contact security researchers, including Twitter, LinkedIn, Telegram, Discord, Keybase, and email. So far, only researchers with Windows systems have been attacked, Google says.
