Hackers based in North Korea are targeting individual security researchers in a variety of ways, including a ‘new approach to social engineering’, according to Google’s Threat Analysis Group (TAG). The campaign has reportedly been running for several months, and it appears to have involved the exploitation of vulnerabilities in fully patched Windows 10 and Chrome.
Although Google does not say exactly what the purpose of the campaign is, it notes that the targets work on ‘vulnerability research and development’. This suggests the attackers may be trying to learn about non-public vulnerabilities that they could use in future state-sponsored attacks.
According to Google, the hackers set up a cybersecurity blog and a series of Twitter accounts in an apparent attempt to build credibility with potential targets. The blog focused on write-ups of vulnerabilities that were already public, while the Twitter accounts posted links to the blog along with claimed exploits. At least one of those claimed exploits was faked, Google says. The company also lists several cases in which researchers’ machines were infected simply by visiting the blog, even though they were running fully patched, up-to-date versions of Windows 10 and Chrome.
The social engineering method outlined by Google involved contacting security researchers and asking whether they wanted to collaborate on vulnerability research. Once a target agreed, the hackers would send a Visual Studio project that, alongside source code for the supposed exploit, contained a malicious DLL executed through Visual Studio Build Events; building the project would infect the target’s computer and make it contact the attackers’ command-and-control server.
According to Google, the attackers used a range of platforms, including Telegram, LinkedIn and Discord, to communicate with potential targets. Google lists the specific attacker-controlled accounts in its blog post. It says that anyone who has interacted with these accounts should scan their systems for any indication of compromise, and recommends that researchers isolate their research activities on a separate physical or virtual machine from the one they use for day-to-day work.
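One practical check for the Visual Studio delivery method described above is to look for build events that run arbitrary commands, since that is where a shared project can execute code the moment it is built. The following is an added example, not code from Google’s report or from any affected project: it parses MSBuild project files (.vcxproj, .csproj, .props, .targets), collects every PreBuildEvent, PostBuildEvent, PreLinkEvent, CustomBuildStep and Exec command, and flags commands that invoke living-off-the-land binaries. The sample project text is constructed for illustration; the helper.dll and stage.ps1 names in it are assumptions, not indicators from the report.

```python
"""Flag MSBuild project files whose build events run suspicious commands.

Added example; not code from Google's report or from any affected project.
The SAMPLE_VCXPROJ text is constructed for illustration, and the payload
names it contains (helper.dll, stage.ps1) are assumptions, not real indicators.
"""
import re
from pathlib import Path
import xml.etree.ElementTree as ET

# Elements whose <Command> child is run by MSBuild during a build, plus the
# Exec task, which runs its Command attribute from any custom target.
BUILD_EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent", "CustomBuildStep"}
EXEC_TASK = "Exec"
PROJECT_SUFFIXES = {".vcxproj", ".csproj", ".props", ".targets"}

# Binaries that rarely belong in a research project's build events.
SUSPICIOUS = re.compile(
    r"\b(rundll32|regsvr32|powershell|pwsh|mshta|wscript|cscript|certutil|bitsadmin|curl|wget)\b",
    re.IGNORECASE,
)

# Constructed sample: a benign post-build copy beside two build-time launches.
SAMPLE_VCXPROJ = """<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>rundll32.exe "$(ProjectDir)helper.dll",Start</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(OutDir)"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Stage" BeforeTargets="Build">
    <Exec Command="powershell -nop -w hidden -File stage.ps1" />
  </Target>
</Project>
"""


def _local(tag: str) -> str:
    """Strip the MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(project_xml: str):
    """Return (element_name, command) for every build-time command in a project."""
    root = ET.fromstring(project_xml)
    found = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in BUILD_EVENT_TAGS:
            for child in elem:
                if _local(child.tag) == "Command" and child.text and child.text.strip():
                    found.append((tag, child.text.strip()))
        elif tag == EXEC_TASK and elem.get("Command", "").strip():
            found.append((tag, elem.get("Command").strip()))
    return found


def suspicious_build_commands(project_xml: str):
    """Keep only the build commands that invoke a suspicious binary."""
    return [(tag, cmd) for tag, cmd in find_build_commands(project_xml) if SUSPICIOUS.search(cmd)]


def scan_directory(root: str):
    """Walk a checkout and report suspicious build commands per project file."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.suffix.lower() in PROJECT_SUFFIXES and path.is_file():
            try:
                flagged = suspicious_build_commands(path.read_text(encoding="utf-8-sig"))
            except ET.ParseError:
                continue  # not well-formed XML; not an MSBuild project
            if flagged:
                hits[str(path)] = flagged
    return hits


if __name__ == "__main__":
    for tag, cmd in suspicious_build_commands(SAMPLE_VCXPROJ):
        print(f"[SUSPICIOUS] {tag}: {cmd}")
```

Run scan_directory against a received project before opening it in Visual Studio; anything it flags should be read by hand, and a project that needs rundll32 or a hidden PowerShell window at build time is a project to build only inside the isolated research machine Google recommends.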
The campaign is the latest incident in which security researchers themselves have been targeted by hackers. Last December, the leading US cybersecurity firm FireEye announced that it had been compromised by a state-sponsored attacker. In FireEye’s case, the target of the intrusion was the internal red-team tooling it used to test for vulnerabilities in its clients’ systems.