
North Korea Targets Security Researchers in Elaborate 0-Day Campaign
2021-01-26 14:49

Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them - and then infects their organizations' systems with custom backdoor malware.

The effort includes attackers going so far as to set up their own research blog, multiple Twitter profiles and other social-media accounts in order to look like legitimate security researchers themselves, according to a blog post by Adam Weidemann of Google's Threat Analysis Group (TAG).

"Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including 'guest' posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers."

So far it seems that only security researchers working on Windows machines have been targeted.

Targets were also lured by a link to visit a threat actor's blog, according to TAG. Accessing the link installs a malicious service on the researcher's system that executes an in-memory backdoor, which in turn establishes a connection to an actor-owned command-and-control (C2) server, researchers discovered.

Researchers also did not specifically say what the likely motive was for the attacks; however, the threat actors presumably aim to uncover and steal vulnerabilities for use in North Korean advanced persistent threat campaigns.


News URL

https://threatpost.com/north-korea-security-researchers-0-day/163333/