North Korea Targets And Hacks Security Researchers' Computers, Google Finds

A campaign backed by the North Korean government has been targeting security researchers across the globe over the past months, according to Google’s Threat Analysis Group (TAG).

It turns out that the targeted researchers are those working on vulnerability research and development at various organizations and companies. TAG also discovered that the bad actors pretended to be researchers to gain their trust. The bad actors created research blogs of their own, as well as profiles on LinkedIn, Twitter, Discord, Telegram, Keybase, and emails. Then, they reached out to targeted researchers and send them links to these fake blogs that were full of analyses of the vulnerability publicly shared to look legitimate, TAG explained.

Once the bad actors have gain researchers’ trust, they would ask to collaborate with them on vulnerability research projects. Then, the bad actors would send the researchers a Microsoft Visual Studio Project containing malware that let them access the researchers’ system.

At other times, some researchers’ systems were compromised after they clicked on a link sent by the bad actors. Using both these methods, the bad actors were able to obtain backdoor access to the computers of targeted researchers.

TAG discovered that the targeted computers were compromised since they ran up-to-date and fully patched Windows 10 along with chrome browsers. So far, the group has only found attacks on Windows computers.

TAG has listed some of the bad actors’ accounts and websites it found. Besides, some victims have posted warnings on Twitter and other platforms.

Google's Shane Huntley also posted warnings on Twitter:

>>> 80% Companies Gained Higher Revenue After Boycotting Facebook Advertising