
North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities

Graham CLULEY

January 27, 2021

  • Fully-patched Windows 10 computers running the Chrome browser are being infected when their users visit a bogus security researcher's website.
  • The hackers would spend weeks or months gaining the trust of security researchers before tricking them into running malicious code.

Threat experts at Google say that they have identified an ongoing hacking campaign that has targeted computer security experts, specifically those researching the very type of software vulnerabilities exploited by cybercriminals.

Google’s Threat Analysis Group (TAG) says that the attackers are backed by the North Korean government, and are using advanced persistent threats (APTs) in an attempt to compromise the computers of their high value targets.

As Google describes, the attackers reach out to their intended victims via email or websites such as Twitter and LinkedIn, posing as fellow researchers.

Over time, in conversations that can last for weeks or months, the attackers attempt to establish their credibility and trustworthiness by posting videos of exploits they claim to have discovered, or by posting links to their research on their blogs or GitHub.

The “evidence” of their discoveries was further amplified by having other social media accounts under the hackers’ control reshare the links, in an attempt to make them appear more authentic.

Ingeniously, the attackers then ask the researcher they are targeting whether they want to collaborate on vulnerability research, and share a Visual Studio project containing the source code of an exploit they are supposedly working on.

A careless researcher may not spot that the project also contains a malicious .DLL file that can install a backdoor onto their computer.
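Before opening a project received from an unfamiliar contact, a practitioner would want a quick inventory of what the project actually contains beyond source files. The script below is an added example (not code from the article, Google TAG or anyone involved in the campaign): it walks a project directory, lists bundled binary artifacts such as .DLL and .EXE files, and pulls out any shell commands defined in MSBuild build events or Exec tasks, which Visual Studio runs automatically when the project is built. The assumption that build events deserve a look is the example's own, not a claim the article makes about how the DLL was executed; the sample project it scans is constructed inline.

```python
"""Inventory a shared Visual Studio / MSBuild project before opening it.

Added example: reports (1) binary files shipped alongside the sources and
(2) commands in PreBuildEvent/PostBuildEvent/PreLinkEvent elements and Exec
tasks, all of which execute during a build. The sample project below is
constructed for the demo and is not from the article.
"""
import os
import tempfile
import xml.etree.ElementTree as ET

BINARY_EXT = {".dll", ".exe", ".sys", ".ocx", ".scr", ".lib", ".node"}
PROJECT_EXT = {".vcxproj", ".csproj", ".vbproj", ".targets", ".props"}
# Real MSBuild elements whose <Command> text is handed to cmd.exe at build time.
EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}


def _local(tag):
    """Strip the MSBuild XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def build_commands(project_path):
    """Return (element_name, command) pairs found in one project file."""
    found = []
    root = ET.parse(project_path).getroot()
    for el in root.iter():
        name = _local(el.tag)
        if name in EVENT_TAGS:
            for child in el:
                if _local(child.tag) == "Command" and (child.text or "").strip():
                    found.append((name, child.text.strip()))
        elif name == "Exec" and el.get("Command"):
            found.append(("Exec", el.get("Command").strip()))
    return found


def scan_project(directory):
    """Walk a project tree; report bundled binaries and build-time commands."""
    report = {"binaries": [], "commands": []}
    for dirpath, _, files in os.walk(directory):
        for fn in files:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, directory)
            ext = os.path.splitext(fn)[1].lower()
            if ext in BINARY_EXT:
                report["binaries"].append(rel)
            elif ext in PROJECT_EXT:
                try:
                    for tag, cmd in build_commands(path):
                        report["commands"].append((rel, tag, cmd))
                except ET.ParseError:
                    # A project file that will not parse is itself worth a look.
                    report["commands"].append((rel, "ParseError", ""))
    report["binaries"].sort()
    report["commands"].sort()
    return report


# Constructed sample: a C++ project that ships a binary and runs it on build.
SAMPLE_VCXPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>"$(ProjectDir)tools\\setup.exe" /quiet</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="echo build done" />
  </Target>
</Project>
"""


def build_sample_project():
    """Write the constructed sample project to a temp dir and return its path."""
    d = tempfile.mkdtemp(prefix="vsproj-")
    os.makedirs(os.path.join(d, "tools"))
    with open(os.path.join(d, "poc.vcxproj"), "w", encoding="utf-8") as f:
        f.write(SAMPLE_VCXPROJ)
    with open(os.path.join(d, "poc.cpp"), "w", encoding="utf-8") as f:
        f.write("int main() { return 0; }\n")
    with open(os.path.join(d, "tools", "setup.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)  # placeholder bytes, not a real executable
    return d


def demo():
    """Scan the constructed sample project and return the report."""
    return scan_project(build_sample_project())


if __name__ == "__main__":
    result = demo()
    for b in result["binaries"]:
        print("bundled binary:", b)
    for rel, tag, cmd in result["commands"]:
        print(f"build-time command in {rel} [{tag}]: {cmd}")
```

Run it against a real project directory by calling `scan_project(path)`; anything listed under `commands` runs the moment the project is built, and anything under `binaries` arrived as opaque code rather than reviewable source, so both lists should be empty or fully explained before the project is opened in Visual Studio.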

In addition, in some attacks researchers have been compromised after visiting the fake researcher’s blog. As Google explains, visiting the website hosting the blog – even on a fully-patched up-to-date version of the Chrome browser running on a fully-patched version of Windows 10 – can result in computers becoming infected by malware.

Google admits that it is not clear at the moment how the infection is taking place, but it is asking anyone who is able to identify such a previously unknown vulnerability in Chrome to make contact as they would be eligible for a reward under its bug bounty program.

According to The Register, one researcher targeted by the North Korean hackers was zero-day vulnerability hunter Alejandro Caceres, the co-founder of US-based security research outfit Hyperion Gray.

Caceres said that he had been contacted by a bogus researcher calling himself James Willy, and offered a reward for anyone who could provide the hacker’s true identity and address.

Google’s Threat Analysis Group says that it is sharing details of the hacking campaign in the hope that it will act as a warning to all security researchers to be on their guard:

“We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.”

The Twitter and LinkedIn profiles used by the attackers have since been suspended, although, of course, there is nothing to stop the hackers creating other accounts in an attempt to ensnare more unsuspecting security researchers.
