Google’s Threat Analysis Group announced Monday, January 25, 2021, that North Korean hackers have targeted cybersecurity researchers in a state-backed hacking campaign. These researchers are reportedly engaged in vulnerability research and were.
The technology giant said that its threat analysis department found that North Korean threat actors have been posing as cybersecurity researchers on a variety of social networking platforms. These include Twitter, LinkedIn, Telegram, Keybase, and Discord, reports ZDNet.
Apart from the aforementioned social media sites, the analysis group also found out that email was used in a number of instances.
Based on Google's findings, Forbes states that through the scheme run by the North Korean hackers, they can exploit vulnerabilities in different computer systems even when these are running a more updated version. The vulnerable systems include Google Chrome and Microsoft Windows.
As of writing, the country's state hackers have been running the campaign for around three months, reports Forbes.
As part of the scheme, these hackers masquerading as cybersecurity researchers set up accounts on Twitter and other social media platforms and post links to a blog showing research to establish their credibility in the field. Most also send private messages on Twitter, although they have yet to say what they want, notes The Verge.
In a blog post, Adam Weidemann of Google’s Threat Analysis Group said, “The actors have been observed targeting specific security researchers by a novel social engineering method. After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project.”
After following the link provided by the impostors to the said research, security researchers have reportedly had a malicious service installed on their systems, notes Forbes. This would infect the systems through zero-day vulnerabilities.
In its blog post, Google said that if security researchers have clicked on the links provided or interacted in any way with the said users or accounts from North Korean groups, they should scan and move their research to prevent further intrusions and malicious attacks.
While Google has successfully uncovered the state-sponsored hacking campaign, the tech giant states that it is still in the dark about the overall target of the series of attacks.
With the hackers working on “vulnerability research and development,” The Verge states the hackers may be more concerned about learning and exploiting vulnerabilities that are not yet known to the public and that, by extension, could be used in future attacks.