Security News > 2021 > January > Security researchers targeted by North Korean hackers

Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group has revealed on Monday.
The hackers, who Google TAG believes are backed by the North Korean government, first created a blog, populated it with posts write-ups about vulnerabilities that have been publicly disclosed, then created Twitter, LinkedIn, Keybase, and Telegram accounts with fake personas and used them to try to contact the targeted security researchers directly.
"After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project," Google TAG researcher Adam Weidemann explained.
"If you are concerned that you are being targeted, we recommend that you compartmentalize your research activities using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research."
Cisco has shared that some of its researchers have been targeted by the attackers.
"The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. Microsoft Threat Intelligence Center attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations," Microsoft noted.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/b_oHODCmuKc/
Related news
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Google paid $12 million in bug bounties last year to security researchers (source)
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)