North Korea-based hackers are targeting individual security researchers through a number of means, including a “novel social engineering method”, Google’s Threat Analysis Group reports. The campaign has been ongoing for several months and targets vulnerabilities in Chrome and Windows 10. The report doesn’t state the reason for the attacks but points out that all the targets are working on “vulnerability research and development”. This information could be vital for any future state-sponsored attack.
The hacker group is believed to be government-backed and uses major social media platforms such as Twitter, Telegram, LinkedIn and others in its attacks. According to Google, the hackers set up a series of Twitter accounts and a cybersecurity blog, which is crucial to building credibility before interacting with targets. The blog focuses on writing about vulnerabilities that are already public, and the Twitter accounts post links to blog write-ups of several exploits.
One of those exploits is faked and is used to trap the target. Some of the security researchers’ machines were infected just by visiting the blog, even when running the latest versions of Windows and Chrome. The social engineering method also involves contacting the target and asking them to contribute to ongoing research. The hackers send the researcher some code; when the researcher opens it in Visual Studio Code, the machine starts getting infected and begins contacting the attacker’s server.
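The lesson for a researcher who receives a “collaboration” project is that source code can execute something before a single line is deliberately compiled or run: editors and build systems honour hooks stored inside the project itself. The following is an added example, not code from the article or from Google’s report, of a pre-open triage script for such a drop. It looks for three things the article does not enumerate and which are therefore assumptions about where such hooks live: a VS Code `.vscode/tasks.json` task with `runOptions.runOn` set to `folderOpen` (a real VS Code feature that runs a task when the folder is opened), MSBuild/Visual Studio project files containing build-event elements, and compiled binaries bundled with what is supposedly source. `build_sample_drop` writes a constructed sample tree with placeholder commands so the audit can be run offline.

```python
import json
import re
import tempfile
from pathlib import Path

# MSBuild elements that run a command as part of a build. The set is an
# assumption for this example; the article only says opening the code
# started the infection, not which mechanism was used.
MSBUILD_HOOKS = ("PreBuildEvent", "PostBuildEvent", "PreLinkEvent", "Exec")
PROJECT_SUFFIXES = (".vcxproj", ".csproj", ".props", ".targets")
BINARY_SUFFIXES = (".dll", ".exe", ".scr")


def audit_code_drop(root) -> list:
    """Return a list of findings ({'file', 'reason'}) for hooks that would
    execute code merely by opening or building the project."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        suffix = path.suffix.lower()

        # 1. VS Code tasks configured to start as soon as the folder is opened.
        if path.name == "tasks.json" and path.parent.name == ".vscode":
            try:
                data = json.loads(path.read_text(encoding="utf-8"))
            except (json.JSONDecodeError, UnicodeDecodeError):
                # tasks.json may carry comments (JSONC); treat unparseable as suspicious.
                findings.append({"file": rel, "reason": "unparseable tasks.json"})
                continue
            for task in data.get("tasks", []):
                if task.get("runOptions", {}).get("runOn") == "folderOpen":
                    findings.append({
                        "file": rel,
                        "reason": f"task '{task.get('label')}' auto-runs on folder open",
                        "command": task.get("command"),
                    })

        # 2. Build-event hooks in MSBuild / Visual Studio project files.
        elif suffix in PROJECT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            for hook in MSBUILD_HOOKS:
                if re.search(rf"<{hook}\b", text):
                    findings.append({"file": rel, "reason": f"build hook <{hook}>"})

        # 3. Compiled binaries have no place in a proof-of-concept source drop.
        elif suffix in BINARY_SUFFIXES:
            findings.append({"file": rel, "reason": "compiled binary inside source drop"})
    return findings


def build_sample_drop() -> Path:
    """Write a constructed (fake) project into a temp directory.
    Every command below is a placeholder; the tree only mimics the shape of
    a drop that executes something when opened or built."""
    root = Path(tempfile.mkdtemp(prefix="codedrop_"))
    (root / "src").mkdir()
    (root / "src" / "main.cpp").write_text("int main() { return 0; }\n")

    vscode = root / ".vscode"
    vscode.mkdir()
    (vscode / "tasks.json").write_text(json.dumps({
        "version": "2.0.0",
        "tasks": [{
            "label": "setup",
            "type": "shell",
            "command": "CONSTRUCTED_PLACEHOLDER",          # constructed value
            "runOptions": {"runOn": "folderOpen"},
        }],
    }))
    (root / "poc.vcxproj").write_text(
        "<Project>\n  <ItemDefinitionGroup>\n    <PreBuildEvent>\n"
        "      <Command>CONSTRUCTED_PLACEHOLDER</Command>\n"   # constructed value
        "    </PreBuildEvent>\n  </ItemDefinitionGroup>\n</Project>\n"
    )
    (root / "helper.dll").write_bytes(b"MZ" + b"\0" * 62)  # fake PE header only
    return root


if __name__ == "__main__":
    for finding in audit_code_drop(build_sample_drop()):
        print(finding)
```

Run the audit on a received project before opening it in an editor; any finding is a reason to open the tree in an isolated VM with workspace trust enabled rather than on the research machine. The script deliberately does not try to judge the commands themselves, since a short or encoded command tells you little; the presence of an auto-run hook in unsolicited code is the signal.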
Google revealed some of the hacker accounts here on its blog. If you have contacted any of these accounts, it is recommended to scan your machine for viruses and to change the research machine to avoid data leaks.