
North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities

Graham CLULEY

January 27, 2021

  • Fully-patched Windows 10 computers using the Chrome browser are being infected by visiting a bogus security researcher website.
  • Hackers would take weeks or months to gain the trust of security researchers before tricking them into running malicious code.

Threat experts at Google say that they have identified an ongoing hacking campaign that has targeted computer security experts, specifically those researching the very type of software vulnerabilities exploited by cybercriminals.

Google’s Threat Analysis Group (TAG) says that the attackers are backed by the North Korean government, and are using advanced persistent threats (APTs) in an attempt to compromise the computers of their high value targets.

As Google describes, the attackers reach out to their intended victims via email or websites such as Twitter and LinkedIn, posing as fellow researchers.

Over time, in conversations that can last for weeks or months, the attackers attempt to establish their credibility and trustworthiness by posting videos of the exploits they claim to have discovered, or posting links to their research on their blogs or GitHub.

The “evidence” of their discoveries was further amplified by having other social media accounts under the hackers’ control reshare the links in an attempt to increase their apparent authenticity.

Ingeniously, the attackers then ask the researcher they are targeting if they want to collaborate on vulnerability research together, and share a Visual Studio project with the source code to an exploit they are working on.

A careless researcher may not spot that the project also contains a malicious .DLL file that can install a backdoor onto their computer.
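A triage check a researcher could run over a shared Visual Studio project before opening it, added here as example code (not from the article, Google TAG or the campaign itself): it lists compiled binaries bundled with what should be source-only code and, going beyond the article, also flags MSBuild build events and Exec tasks, since a project can run commands at build time. The sample project tree is constructed for the demo.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

BINARY_EXT = {".dll", ".exe", ".ocx", ".sys", ".scr", ".com"}
NS = {"m": "http://schemas.microsoft.com/developer/msbuild/2003"}

def find_build_commands(vcxproj):
    """Commands MSBuild would run through build events or Exec tasks."""
    proj = ET.parse(vcxproj).getroot()
    cmds = []
    for tag in ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent"):
        for cmd in proj.iterfind(f".//m:{tag}/m:Command", NS):
            if cmd.text and cmd.text.strip():
                cmds.append(cmd.text.strip())
    cmds += [e.get("Command", "") for e in proj.iterfind(".//m:Exec", NS)]
    return cmds

def triage(root):
    """Inventory compiled binaries (a source-only PoC should have none) and
    any build-time commands, keyed by project file, under the project tree."""
    findings = {"binaries": [], "build_commands": {}}
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if os.path.splitext(name)[1].lower() in BINARY_EXT:
                findings["binaries"].append(rel)
            elif name.lower().endswith(".vcxproj"):
                cmds = find_build_commands(os.path.join(dirpath, name))
                if cmds:
                    findings["build_commands"][rel] = cmds
    findings["binaries"].sort()
    return findings

# Constructed sample: a "PoC" project that also ships a DLL and a pre-build step.
SAMPLE_VCXPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent><Command>run.bat</Command></PreBuildEvent>
  </ItemDefinitionGroup>
</Project>"""
SAMPLE_FILES = {"poc.vcxproj": SAMPLE_VCXPROJ, "poc.cpp": "int main() {}", "extra.dll": ""}

def demo():
    """Write the constructed sample to a temp dir and triage it."""
    root = tempfile.mkdtemp()
    for name, body in SAMPLE_FILES.items():
        with open(os.path.join(root, name), "w") as f:
            f.write(body)
    return triage(root)
```

Anything the check reports is a reason to inspect the project in an isolated VM rather than on the workstation used for real research.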

In addition, in some attacks researchers have been compromised after visiting the fake researcher’s blog. As Google explains, visiting the website hosting the blog – even on a fully-patched up-to-date version of the Chrome browser running on a fully-patched version of Windows 10 – can result in computers becoming infected by malware.

Google admits that it is not clear at the moment how the infection is taking place, but it is asking anyone who is able to identify such a previously unknown vulnerability in Chrome to make contact as they would be eligible for a reward under its bug bounty program.

According to The Register, one researcher targeted by the North Korean hackers was zero-day vulnerability hunter Alejandro Caceres, the co-founder of US-based security research outfit Hyperion Gray.

Caceres said that he had been contacted by a bogus researcher calling himself James Willy, and he offered a reward to anyone who could provide the hacker’s true identity and address.

Google’s Threat Analysis Group says that it is sharing details of the hacking campaign in the hope that it will act as a warning to all security researchers to be on their guard:

“We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.”

The Twitter and LinkedIn profiles used by the attackers have since been suspended, although, of course, there is nothing to stop the hackers from creating other accounts in an attempt to ensnare more unsuspecting security researchers.
