North Korea infected infosec bods with backdoors via dodgy blog pages, Visual Studio files – Google (Security News, January 2021)

North Korea's hackers homed in on specific infosec researchers and infected their systems with a backdoor after luring them to a suspicious website, Google revealed on Monday.
"The researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," said Googler Adam Weidemann.
Researchers would also be offered Visual Studio projects said to contain exploit code.
These files included a DLL, executed via Visual Studio Build Events when the project was built, that connected to a remote server to fetch and carry out instructions from its operators.
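Because MSBuild runs PreBuildEvent, PostBuildEvent and PreLinkEvent commands (and Exec tasks in custom targets) as shell commands during a build, a defender can list those commands in an untrusted project before building it. The following is an added example, not code from the article or from Google; the project XML and the list of host binaries it flags as risky are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"
# Elements whose contents MSBuild executes as a shell command during a build.
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent")
# Hosts that load a DLL or run arbitrary code; flagged as higher risk (my choice, not from the article).
RISKY_HOSTS = re.compile(r"\b(rundll32|regsvr32|odbcconf|mshta|powershell|cmd)(\.exe)?\b", re.I)

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the MSBuild namespace from an element tag

def build_commands(project_xml):
    """Return (location, command) pairs for everything that would run at build time."""
    found = []
    for elem in ET.fromstring(project_xml).iter():
        name = _local(elem.tag)
        if name in EVENT_TAGS:
            # .vcxproj nests a <Command> child; .csproj puts the command text directly in the event.
            cmd_elem = next((c for c in elem if _local(c.tag) == "Command"), None)
            text = (cmd_elem.text if cmd_elem is not None else elem.text) or ""
            if text.strip():
                found.append((name, text.strip()))
        elif name == "Exec" and elem.get("Command"):
            # <Exec> inside a custom <Target> also runs a shell command.
            found.append(("Exec task", elem.get("Command").strip()))
    return found

def review_project(project_xml):
    """Pair each build-time command with True when it invokes a risky host binary."""
    return [(loc, cmd, bool(RISKY_HOSTS.search(cmd))) for loc, cmd in build_commands(project_xml)]

# Constructed sample .vcxproj (not a real artifact): a pre-build event that loads a DLL,
# a benign post-build copy, and a custom target with an Exec task.
SAMPLE_VCXPROJ = f"""<Project xmlns="{MSBUILD_NS}">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>rundll32.exe $(ProjectDir)example_payload.dll,Start</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(SolutionDir)out\\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Stage" BeforeTargets="Build">
    <Exec Command="echo staging" />
  </Target>
</Project>"""
```

Calling `review_project(SAMPLE_VCXPROJ)` flags the rundll32 pre-build event and leaves the copy and echo commands unflagged; the same check applies to a .csproj, where the command text sits directly inside the event element.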
Over several months, Kim Jong Un's spies set up a plausible-looking blog covering security vulnerabilities, along with multiple social media accounts, and even recruited unwitting legitimate security researchers to guest post on the site.
"If you are concerned that you are being targeted, we recommend that you compartmentalize your research activities using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research," Weidemann concluded.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/01/26/norks_hack_researchers/