Google Warning: North Korean Gov Hackers Targeting Security Researchers
Google late Monday raised the alarm about a "Government-backed entity based in North Korea" targeting - and hacking into - computer systems belonging to security researchers.
Google's Threat Analysis Group, a team that monitors global APT activity, said the ongoing campaign is aimed at security researchers working on vulnerability research and development at different companies and organizations.
"In addition to targeting users via social engineering, we have also observed several cases where researchers have been compromised after visiting the actors' blog. In each of these cases, the researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," Google's Adam Weidemann explained.
Google said the actors behind this campaign, who are linked to a government-backed entity based in North Korea, worked over time to build credibility and connect with security researchers.
Google found that the lure blog contained write-ups and analysis of vulnerabilities that have been publicly disclosed, including "Guest" posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers.
The actors have been observed targeting specific security researchers using a novel social engineering method.