Security News > 2023 > September > Google: State hackers attack security researchers with new zero-day

Google's Threat Analysis Group says North Korean state hackers are again targeting security researchers in attacks using at least one zero-day in an undisclosed popular software.

Researchers attacked in this campaign are involved in vulnerability research and development, according to Google's team of security experts that protects the company's users from state-sponsored attacks.

The attackers use Twitter and Mastodon social media to lure targeted security researchers into switching to encrypted messaging platforms like Signal, Wire, or WhatsApp.

In March 2021, Google TAG revealed the attacks picked up again, targeting security researchers using fake LinkedIn and Twitter social media accounts and a fake company named SecuriElite.

Earlier this year, in March, Mandiant also picked up on and exposed a suspected North Korean hacking group attacking security researchers and media organizations in the United States and Europe using fake job offers to infect them with new malware.

Although Google has not explicitly outlined the objectives of these attacks, their primary goal appears to be the acquisition of undisclosed security vulnerabilities and exploits by targeting specific researchers.

News URL

https://www.bleepingcomputer.com/news/security/google-state-hackers-attack-security-researchers-with-new-zero-day/