Google warns of ‘new social engineering method’ used to hack security researchers

Government-backed hackers based in North Korea are targeting individual security researchers in a variety of ways, including a “new method of social engineering,” said the Google Threat Analysis Group. The campaign has been underway for several months and, worryingly, appears to be exploiting unpatched vulnerabilities in Windows 10 and Chrome.

Although Google does not say exactly what the hacking campaign is for, it notes that the targets are working on “vulnerability research and development”. This suggests that attackers may be trying to learn more about non-public vulnerabilities that can be used in state-sponsored attacks in the future.

According to Google, the hackers created a cybersecurity blog and a series of Twitter accounts in an apparent attempt to build and extend credibility by interacting with potential targets. The blog focused on write-ups of vulnerabilities that were already public. Meanwhile, the Twitter accounts posted links to the blog, as well as other alleged exploits. At least one of the alleged exploits was faked, according to Google. The search giant cites several cases of researchers’ machines that were infected simply by visiting the hackers’ blog, even while running the latest versions of Windows 10 and Chrome.

The social engineering method described by Google involved contacting security researchers and asking them to collaborate on their work. Once a researcher agreed, the hackers would send a Visual Studio project containing malware, which would infect the target’s computer and begin communicating with the attackers’ server.

According to Google, the attackers used a variety of platforms, including Telegram, LinkedIn and Discord, to communicate with potential targets. Google listed the specific hacker accounts on its blog. It says that anyone who has interacted with these accounts should check their systems for any indication of compromise and move their research activities to a computer separate from the one they use day to day.

The campaign is the latest incident of security researchers being targeted by hackers. Last December, a major US cybersecurity firm, FireEye, revealed that it had been compromised by a state-sponsored attacker. In FireEye’s case, the target of the hack was the internal tools that it uses to check for vulnerabilities in its customers’ systems.
