North Korea hackers use social media to target security researchers

North Korea's cyber threat.  North Korean hacker on the computer, on a background of binary code, the colors of the DPRK flag.  DDoS attack

Dmitry Nogaev | Getty Images

Google has warned that it discovered an “ongoing” state-backed hacking campaign, conducted by North Korea, targeting cybersecurity researchers.

The Silicon Valley group said its threat analysis team found that cyber attackers posing as researchers had created several fake social media profiles on platforms like Twitter and LinkedIn. To gain credibility, they also created a fake blog, for which they would get unwitting targets to write guest posts about real software bugs.

After establishing communication with a real researcher, the attackers would ask the target to work together on cyber vulnerability research and then share collaboration tools containing malicious code to install malware on the researcher’s systems.

In some cases, the attackers were able to create a backdoor on the victim’s computer even when the victim’s systems were running fully patched and up-to-date versions of Windows 10 and the Chrome browser, Google said.

The campaign would allow the hackers to gain insight into the vulnerabilities that the research community was studying, in order to exploit them.

Several researchers wrote on Twitter after Google’s statement that they were contacted by the hackers, but were not compromised.

Google attributed the latest campaign to “a government-backed entity based in North Korea”, one of the biggest state sponsors of hacking alongside Russia, Iran and China.

North Korea is also among the countries accused of carrying out cyber attacks to steal research and data related to the coronavirus vaccine. The Wall Street Journal reported last year that Pyongyang coordinated attacks on at least six vaccine developers, including Johnson & Johnson and Novavax in the United States, AstraZeneca in the United Kingdom and several South Korean companies.

According to analysts, North Korea’s cyber army consists of thousands of expert hackers whose aims range from small-scale fraud and theft of cryptocurrencies to theft of nuclear secrets and weapons technology.

Belying perceptions of the country as a technological backwater, its hackers have a history of major cyber disruptions, including the Sony Pictures hack in 2014 and the WannaCry malware attack in 2017. In 2019, a UN sanctions report estimated that $2 billion had been raised for Kim Jong Un’s weapons program by North Korean cyber attackers.

The most recent campaign comes at a time when cyber security companies find themselves specifically targeted by hacking campaigns.

In December, the cyber security group FireEye, as well as Microsoft, reported that they were victims of a cyber espionage campaign led by Russian state hackers that also targeted several US federal agencies and private sector groups.

Additional reporting by Edward White in Seoul.

© 2021 The Financial Times Ltd. All rights reserved. It must not be redistributed, copied or modified in any way.
