Google Warning: North Korean Gov Hackers Targeting Security Researchers (Security News, January 2021)

Google late Monday raised the alarm about a "Government-backed entity based in North Korea" targeting - and hacking into - computer systems belonging to security researchers.
Google's Threat Analysis Group, a team that monitors global APT activity, said the ongoing campaign is aimed at security researchers working on vulnerability research and development at different companies and organizations.
"In addition to targeting users via social engineering, we have also observed several cases where researchers have been compromised after visiting the actors' blog. In each of these cases, the researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," Google's Adam Weidemann explained.
Google said the actors behind this campaign, which it links to a government-backed entity based in North Korea, worked over time to build credibility and connect with security researchers.
Google found that the lure blog contained write-ups and analysis of vulnerabilities that have been publicly disclosed, including "Guest" posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers.
The actors have been observed targeting specific security researchers using a novel social engineering method.