
Microsoft: DPRK hackers 'likely' hit researchers with Chrome exploit
2021-01-28 19:47

Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc'.

Microsoft tracks hacking group as ZINC

In a new report, Microsoft states that they too have been following this threat actor, which they track as 'ZINC,' for the past couple of months as the hackers target pen testers, security researchers, and employees at tech and security companies.

"In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies."

As part of their attack, the ZINC actors would contact researchers to collaborate on vulnerability and exploit research.

As previously reported by Google, for those researchers who agreed, ZINC would send a Visual Studio project containing a malicious DLL that would be executed when researchers compiled the project.

"A blog post titled DOS2RCE: A New Technique To Exploit V8 NULL Pointer Dereference Bug, was shared by the actor on October 14, 2020 from Twitter. From October 19-21, 2020, some researchers, who hadn't been contacted or sent any files by ZINC profiles, clicked the links while using the Chrome browser, resulting in known ZINC malware on their machines soon after."


News URL

https://www.bleepingcomputer.com/news/security/microsoft-dprk-hackers-likely-hit-researchers-with-chrome-exploit/