Google Warning: North Korean Gov Hackers Targeting Security Researchers (Security News, January 2021)
Google late Monday raised the alarm about a "Government-backed entity based in North Korea" targeting - and hacking into - computer systems belonging to security researchers.
Google's Threat Analysis Group, a team that monitors global APT activity, said the ongoing campaign is aimed at security researchers working on vulnerability research and development at different companies and organizations.
"In addition to targeting users via social engineering, we have also observed several cases where researchers have been compromised after visiting the actors' blog. In each of these cases, the researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," Google's Adam Weidemann explained.
Google said the actors behind this campaign, who are linked to a government-backed entity based in North Korea, worked over time to build credibility and connect with security researchers.
Google found that the lure blog contained write-ups and analysis of vulnerabilities that have been publicly disclosed, including "Guest" posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers.
The actors have been observed targeting specific security researchers using a novel social engineering method.