Security News > 2021 > January > North Korea Targets Security Researchers in Elaborate 0-Day Campaign

Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them - and then infects their organizations' systems with custom backdoor malware.

The effort includes attackers going so far as to set up their own research blog, multiple Twitter profiles and other social-media accounts in order to look like legitimate security researchers themselves, according to a blog post by TAG's Adam Weidermann.

"Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including 'guest' posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers."

So far it seems that only security researchers working on Windows machines have been targeted.

Io to visit a threat actor's blog, according to TAG. Accessing the link installs a malicious service on the researcher's system that executes an in-memory backdoor that establishes a connection to an actor-owned C2 server, researchers discovered.

Researchers also did not specifically say what the likely motive was for the attacks; however, presumably the threat actors aim to uncover and steal vulnerabilities to use in North Korean advanced persistent threat campaigns.

News URL

https://threatpost.com/north-korea-security-researchers-0-day/163333/