
Google reveals North Korean-backed campaign targeting security researchers - Engadget


Google’s Threat Analysis Group has identified an ongoing campaign that’s been targeting security researchers working on vulnerabilities over the past few months. The team says “a government-backed entity based in North Korea” is behind the attacks, which typically use social engineering to engage the victims. In a post detailing the campaign, TAG’s Adam Weidemann explained that the bad actors would go to great lengths to gain the victims’ trust, mostly by posing as researchers themselves.

They’d build their own research blogs and fill them with analysis of vulnerabilities that had been publicly disclosed to make themselves look legitimate. The bad actors also maintained Twitter accounts to post videos of their claimed exploits and to reach as many people as possible. In at least one instance, Google found one of the Twitter accounts defending a video the bad actors posted on YouTube containing an exploit that turned out to be fake.

Google’s TAG team said the attackers contacted their intended victims, asking to collaborate on vulnerability research. Aside from Twitter, they also used LinkedIn, Telegram, Discord, Keybase and email to reach out to their targets, sending them a Microsoft Visual Studio Project with malware to gain entry to their systems. In some cases, victims’ computers were compromised after they followed a link on Twitter to a bad actor’s blog. Both methods led to the installation of a backdoor on the victims’ computers that connected them to an attacker-controlled command and control server.

The victims’ systems were compromised while running fully patched and up-to-date Windows 10 and Chrome browsers. Google’s TAG team has only seen the attackers targeting Windows systems thus far, but it still can’t confirm “the mechanism of compromise” and is encouraging researchers to submit Chrome vulnerabilities to its bug bounty program. The team has also listed all the actor-controlled websites and accounts it has identified as part of the campaign.


Article From & Read More ( Google reveals North Korean-backed campaign targeting security researchers - Engadget )
https://ift.tt/3iNsB9F