 |
| Google: North Korea is targeting security researchers |
Google's threat analysis team has identified an ongoing campaign of security researchers who have worked on vulnerabilities for the past few months.
The team said: Behind the attack is a government-backed facility that typically uses social engineering to interact with the victim.
Adam Weidman of Google's threat analysis team explained in a blog post that bad actors usually masquerade as researchers and go out of their way to gain victims' trust.
Bad Doers create their own research blogs and add to them information analyzing publicly disclosed vulnerabilities to make them legal.
The bad actors also maintain accounts through the Twitter platform to post videos suspected of having security holes to cover as much as possible.
In at least one case, Google discovered that a Twitter account was defending a video containing a video exploited by a vulnerability that turned out to be fake content posted on YouTube by bad actors.
Google's threat assessment team said the attackers contacted their intended victims and asked them to work together to find the vulnerabilities.
In addition to the Twitter platform, they also use LinkedIn, Telegram, Discord, Keybase, and email to help achieve their goals and submit Microsoft Visual Studio projects whose systems contain malware.
In some cases, the victim's computer was hacked after following a link on Twitter and visiting a poor actor's blog.
Both methods install back doors on the victim's computer to connect these devices to a command and control server controlled by the attacker.
The victim's system was hacked while the Google Chrome browser and the updated Windows 10 OS were fully functional.
The Google Threat Assessment Team believes that attackers have so far only targeted Windows systems but are still unable to confirm the damage mechanism, and encourages researchers to submit Vulnerability Rewards Program to vulnerabilities in Chrome browser.
Google's threat analysis team listed all of the malicious actor-controlled websites and accounts identified by the campaign.