North Korean hackers target security researchers with zero-day exploit

North Korean threat actors are once again attempting to compromise security researchers' machines by employing a zero-day exploit.
The warning comes from Google's own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.
The attackers initially contacted the researchers through social media on the pretense of collaborating on security research.
The attackers also tried another trick: they pointed the researchers towards a Windows tool that downloads debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers, but is also capable of downloading and executing arbitrary code from an attacker-controlled domain.
"If you have downloaded or run this tool, [Google] TAG recommends taking precautions to ensure your system is in a known clean state, likely requiring a reinstall of the operating system," the researchers advised.
A similar campaign was revealed in January 2021, when threat actors, believed to be backed by the North Korean government, created accounts on Twitter, LinkedIn, Keybase, and Telegram to directly contact security researchers.
News URL
https://www.helpnetsecurity.com/2023/09/08/security-researchers-zero-day-compromise/