Security researchers targeted by North Korean hackers
2021-01-26 10:49

Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group revealed on Monday.

The hackers, who Google TAG believes are backed by the North Korean government, first created a blog and populated it with write-ups about vulnerabilities that have been publicly disclosed, then created Twitter, LinkedIn, Keybase, and Telegram accounts with fake personas and used them to try to contact the targeted security researchers directly.

"After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project," Google TAG researcher Adam Weidemann explained.

"If you are concerned that you are being targeted, we recommend that you compartmentalize your research activities using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research."

Cisco has shared that some of its researchers have been targeted by the attackers.

"The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. Microsoft Threat Intelligence Center attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations," Microsoft noted.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/b_oHODCmuKc/