Google: North Korean hackers have targeted security researchers via social media – ZDNet4 min read

https://www.zdnet.com/article/google-north-korean-hackers-have-targeted-security-researchers-via-social-media/

I can confirm this is real and I got struck by @z0x55g who sent me a Windows kernel PoC trigger. The vulnerability was real and complex to trigger.

The attacks have been found by the Google Threat Analysis Group (TAG), a Google security group specialized in searching advanced consistent hazard (APT) groups.In a report published earlier today, Google stated North Korean hackers used several profiles on different social networks, such as Twitter, LinkedIn, Telegram, Discord, and Keybase, to reach out to security researchers using fake personas.Email was also utilized in some circumstances, Google stated.” After establishing preliminary interactions, the stars would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then supply the researcher with a Visual Studio Project,” said Adam Weidemann, a security scientist with Google TAG.The Visual Studio job consisted of destructive code that installed malware on the targeted researchers operating system. The malware acted as a backdoor, calling a remote command and control server and waiting for commands.New mysterious browser attack likewise discoveredBut Wiedemann stated that the assaulters didnt constantly disperse malicious files to their targets.

Group of hooded hackers shining through a digital north korean flag cybersecurity concept
Michael Borgers, Getty Images/iStockphoto
Google stated today that a North Korean federal government hacking group has actually targeted members of the cyber-security community engaging in vulnerability research study.

Google said the blog hosted malicious code that infected the security scientists computer system after accessing the site.” A harmful service was installed on the scientists system and an in-memory backdoor would begin beaconing to an actor-owned command and control server,” Weidemann said.But Google TAG also included that numerous victims who accessed the site were likewise running “fully patched and current Windows 10 and Chrome internet browser versions” and still got infected.Details about the browser-based attacks are still scant, but some security scientists believe the North Korean group more than likely utilized a mix of Chrome and Windows 10 zero-day vulnerabilities to release their destructive code.As a result, the Google TAG team is currently asking the cyber-security community to share more information about the attacks, if any security scientists think they were infected.The Google TAG report includes a list of links for the phony social networks profiles that the North Korean star used to draw and deceive members of the infosec community.Security researchers are encouraged to review their browsing histories and see if they interacted with any of these profiles or if they accessed the destructive blog.br0vvnn.io domain.
Image: Google
In case they did, they are most likely to have actually been infected, and particular steps need to be required to examine their own systems.The reason for targeting security scientists is pretty apparent as it could allow the North Korean group to take exploits for vulnerabilities found by the contaminated scientists, vulnerabilities that the hazard group could release in its own attacks with little to no advancement costs.In the meantime, numerous security scientists have actually currently revealed on social networks that they received messages from the enemies accounts, although, none have actually confessed to having actually systems jeopardized.

The attacks have actually been found by the Google Threat Analysis Group (TAG), a Google security team concentrated on hunting advanced relentless threat (APT) groups.In a report published earlier today, Google said North Korean hackers used numerous profiles on various social networks, such as Twitter, LinkedIn, Telegram, Discord, and Keybase, to reach out to security scientists using phony personas.Email was likewise used in some circumstances, Google stated.” After establishing initial interactions, the actors would ask the targeted researcher if they wished to collaborate on vulnerability research together, and after that supply the scientist with a Visual Studio Project,” stated Adam Weidemann, a security scientist with Google TAG.The Visual Studio job consisted of malicious code that set up malware on the targeted researchers os. The malware functioned as a backdoor, calling a remote command and control server and waiting for commands.New strange internet browser attack also discoveredBut Wiedemann said that the assaulters didnt always disperse destructive files to their targets. In some other cases, they asked security scientists to check out a blog they had hosted at blog site [] br0vvnn [] io ( do not gain access to).

Leave a Reply

Your email address will not be published. Required fields are marked *