Cybernews
© 2021 CyberNews - Latest tech news, product reviews, and analyses.
North Korea has been targeting threat researchers

by Chris Stokel-Walker
27 January 2021
in Security
When the hunters become the hunted.

The threat of state-sponsored hacking has come into sharper focus with the discovery of a campaign by North Korea-linked hackers targeting the security researchers whose job is to keep the rest of us safe.

Google’s Threat Analysis Group (TAG), which tracks state-backed attackers, announced on January 26 that it had identified a new campaign aimed specifically at people who work on vulnerability research and development. The campaign is notable not just for its targets, the people who usually keep us safe, but also for the way it works.

“In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets.”

explained Adam Weidemann of Google’s Threat Analysis Group

The fake Twitter accounts, which use names such as Billy Brown and BrownSec3 Labs, share links to what they claim are exploits they have found, and amplify each other across social media by resharing one another’s posts to gain credibility.

The social engineering stage of the campaign exists to build enough credibility for these entirely fictitious people to blend into the small, tight-knit community of vulnerability researchers, so that nobody questions their motives when they propose working together. That proposal is the delivery vehicle for the malware.

It began with a blog

The blog the fake researchers link to is the main launchpad for the incursion into the security research field. It borrows credibility from the research community itself, inviting guest posts from genuine researchers alongside write-ups of publicly disclosed exploits that have already been patched.

“Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including ‘guest’ posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers.”

said Adam Weidemann

Some posts are backed by video captures that purport to show a successful exploit; in at least one case the video was simply faked.

Even though some commenters identified the video as a fake, the campaign used its network of accounts to clamp down on the criticism, with a separate Twitter account under the actors’ control retweeting the original post and denying that the video was faked.

Winning trust and taking victims

“The actors have been observed targeting specific security researchers by a novel social engineering method,” explained Weidemann. Trading on the credibility earned by interacting with other vulnerability researchers, the actors, still using fake identities, would ask specific researchers whether they wanted to collaborate on a project. If the target agreed, they were sent a Visual Studio project that contained exploit source code along with a hidden DLL. That DLL was custom malware, and it would immediately begin communicating with actor-controlled command-and-control (C2) domains. According to Google the DLL was executed through Visual Studio build events, so simply building the shared project was enough to be infected, whether or not the target ever read the source code.
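A project file sent by a stranger deserves a static look before it is opened in Visual Studio, because a bundled DLL only runs if something in the project invokes it, and build events and custom targets are the project-level hook for that. The script below is an added example written for this article; it is not code from Google TAG or from the campaign. It parses a .vcxproj (MSBuild XML) and lists every PreBuildEvent, PreLinkEvent and PostBuildEvent command plus any Exec command in a custom Target, flagging the ones that launch a loader or reference a DLL. The SUSPICIOUS pattern is an illustrative heuristic, the two project files are constructed for the example, and helper.dll is a made-up file name.

```python
"""Static triage of a Visual Studio project before opening or building it.

Added example for the article above, not code from Google TAG or from the
campaign it describes. The MSBuild element names (PreBuildEvent, PostBuildEvent,
PreLinkEvent, Target/Exec) are real; the list of suspicious launchers is an
assumption, and the sample projects below are constructed.
"""
import re
import xml.etree.ElementTree as ET
from typing import List, Tuple

MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"
NS = {"m": MSBUILD_NS}

# Assumption: a proof-of-concept exploit project has no business invoking
# these loaders, or any DLL, from a build step. Any hit means "inspect first".
SUSPICIOUS = re.compile(
    r"\b(rundll32|regsvr32|powershell|pwsh|mshta|wscript|cscript|certutil|bitsadmin|curl|wget)\b"
    r"|\.dll\b",
    re.IGNORECASE,
)


def find_build_commands(vcxproj_xml: str) -> List[Tuple[str, str]]:
    """Return (location, command) for every build-time command in the project."""
    root = ET.fromstring(vcxproj_xml)
    found: List[Tuple[str, str]] = []
    # Build events live under ItemDefinitionGroup as <Event><Command>text</Command>.
    for event in ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent"):
        for cmd in root.iterfind(f".//m:{event}/m:Command", NS):
            found.append((event, (cmd.text or "").strip()))
    # Custom targets can run arbitrary commands via <Exec Command="...">.
    for target in root.iterfind(".//m:Target", NS):
        for ex in target.iterfind("m:Exec", NS):
            found.append((f"Target {target.get('Name')}", ex.get("Command", "").strip()))
    return found


def triage(vcxproj_xml: str) -> List[str]:
    """Return one finding per suspicious build command; empty list means none flagged."""
    return [
        f"{location}: {command}"
        for location, command in find_build_commands(vcxproj_xml)
        if SUSPICIOUS.search(command)
    ]


# Constructed sample: a "collaboration" project that launches a bundled DLL
# after every build and runs an encoded PowerShell command from a custom target.
SAMPLE_VCXPROJ = f"""<Project DefaultTargets="Build" xmlns="{MSBUILD_NS}">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <Optimization>MaxSpeed</Optimization>
    </ClCompile>
    <PostBuildEvent>
      <Command>rundll32.exe "$(ProjectDir)helper.dll",Init</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="powershell -nop -w hidden -enc AAAA" />
  </Target>
</Project>
"""

# Constructed sample: a benign post-build copy step, which should not be flagged.
CLEAN_VCXPROJ = f"""<Project xmlns="{MSBUILD_NS}">
  <ItemDefinitionGroup>
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(SolutionDir)bin\\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
</Project>
"""

if __name__ == "__main__":
    for name, project in (("sample", SAMPLE_VCXPROJ), ("clean", CLEAN_VCXPROJ)):
        findings = triage(project)
        print(f"{name}: {len(findings)} suspicious build command(s)")
        for line in findings:
            print("  ", line)
```

Run it against any .vcxproj read from disk before opening the solution; a flagged command is reason to build nothing and instead inspect the referenced file on an isolated machine. The check is deliberately narrow: it does not cover .props or .targets files imported by the project, which can carry the same hooks, so extend the parse to those if a project imports anything outside the standard toolchain.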

“These actors have used multiple platforms to communicate with potential targets, including Twitter, LinkedIn, Telegram, Discord, Keybase and email.”

said Adam Weidemann

He also provided a list of aliases used by the hackers. “If you have communicated with any of these accounts or visited the actors’ blog, we suggest you review your systems.”

The fear is that the hackers targeted vulnerability researchers in order to steal their findings: details of security gaps that exist but are not yet publicly known. Such zero-day exploits are a boon to a state-backed group seeking access to systems, and to money that can then be funnelled back to the regime.

North Korea is known for fielding a determined, if not always technically world-leading, group of hackers tasked with earning money for a pariah state struggling under crippling international sanctions.
