North Korea infected infosec bods with backdoors via dodgy blog pages, Visual Studio files – Google

North Korea's hackers homed in on specific infosec researchers and infected their systems with a backdoor after luring them to a suspicious website, Google revealed on Monday.
"The researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," said Googler Adam Weidemann.
Researchers would also be offered Visual Studio projects said to contain exploit code.
These files included a DLL, run via Visual Studio Build Events, that connected to a remote server to fetch and carry out instructions from its operators.
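Because MSBuild runs Build Event commands as shell commands during a build, a project file from a stranger is worth inspecting before it is opened. The following added example (not code from the article or from Google TAG) lists every PreBuild/PreLink/PostBuild command in a .vcxproj and flags ones that invoke binaries rarely needed in a build; the sample project, its DLL name and its export are constructed placeholders.

```python
# Added example (not the article's or Google TAG's code): list the Build Event
# commands a Visual Studio .vcxproj will run, so a project received from a third
# party can be inspected before it is opened or built. Sample below is constructed.
import xml.etree.ElementTree as ET

# MSBuild elements whose <Command> runs as a shell command during a build.
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent")
# Binaries that rarely belong in a build step and deserve a closer look.
SUSPECT_BINARIES = ("rundll32", "regsvr32", "mshta", "powershell", "certutil", "bitsadmin")

# Constructed .vcxproj: an ordinary Debug configuration whose pre-build step
# loads a DLL shipped alongside the project (placeholder file and export names).
SAMPLE_VCXPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <ClCompile><Optimization>Disabled</Optimization></ClCompile>
    <PreBuildEvent>
      <Command>rundll32.exe $(ProjectDir)helper.dll,Init</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
</Project>
"""

def _qualify(root, tag):
    """Prefix tag with the document's default namespace, if it declares one."""
    if root.tag.startswith("{"):
        return root.tag[: root.tag.index("}") + 1] + tag
    return tag

def find_build_events(vcxproj_xml):
    """Return (event, condition, command) for every non-empty build-event command."""
    root = ET.fromstring(vcxproj_xml)
    found = []
    for group in root.iter(_qualify(root, "ItemDefinitionGroup")):
        condition = group.get("Condition", "(all configurations)")
        for tag in EVENT_TAGS:
            for event in group.iter(_qualify(root, tag)):
                command = event.find(_qualify(root, "Command"))
                if command is not None and command.text and command.text.strip():
                    found.append((tag, condition, command.text.strip()))
    return found

def suspicious_events(vcxproj_xml):
    """Subset of find_build_events whose command invokes one of SUSPECT_BINARIES."""
    return [e for e in find_build_events(vcxproj_xml)
            if any(b in e[2].lower() for b in SUSPECT_BINARIES)]

for event, condition, command in find_build_events(SAMPLE_VCXPROJ):
    print(f"{event} [{condition}]: {command}")
```

Build events can also arrive through `.props` or `.targets` files pulled in by `<Import>`, so run the same check over everything the project imports, not just the .vcxproj itself.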
Over several months, Kim Jong Un's spies set up a plausible-looking blog covering security vulnerabilities, along with multiple social media accounts, and even recruited unwitting legitimate security researchers to guest post on the site.
"If you are concerned that you are being targeted, we recommend that you compartmentalize your research activities using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research," Weidemann concluded.
News URL: https://go.theregister.com/feed/www.theregister.com/2021/01/26/norks_hack_researchers/