North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Threat actors associated with North Korea have continued to target the cybersecurity community over the past several weeks, using a zero-day bug in unspecified software to infiltrate researchers' machines.
A search on X shows that the now-suspended account has been active since at least October 2022, with the actor releasing proof-of-concept exploit code for high-severity privilege escalation flaws in the Windows Kernel such as CVE-2021-34514 and CVE-2022-21881.
This is not the first time North Korean actors have leveraged collaboration-themed lures to infect victims.
"After establishing contact with a target, the threat actor invites the target to collaborate on a GitHub repository and convinces the target to clone and execute its contents," the Microsoft-owned company said at the time.
The disclosure comes as the AhnLab Security Emergency Response Center revealed that the North Korean nation-state actor known as ScarCruft is leveraging LNK file lures in phishing emails to deliver a backdoor capable of harvesting sensitive data and executing malicious instructions.
"North Korean cyber threat actors pursue cyber operations aiming to collect intelligence on the activities of the state's perceived adversaries: South Korea, the United States, and Japan, collect intelligence on other countries' military capabilities to improve their own, and collect cryptocurrency funds for the state," Microsoft said.
News URL: https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html
Related Vulnerability

| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2022-01-11 | CVE-2022-21881 | Race condition vulnerability in Microsoft products: Windows Kernel Elevation of Privilege Vulnerability | 0.0 |
| 2021-07-14 | CVE-2021-34514 | Improper privilege management vulnerability in Microsoft products: Windows Kernel Elevation of Privilege Vulnerability | 0.0 |