Google warns of ‘novel social engineering method’ used to hack security researchers – The Verge

https://www.theverge.com/2021/1/26/22250060/google-threat-analysis-group-north-korean-hackers-cybersecurity-researchers-social-engineering

According to Google, the hackers set up a cybersecurity blog and a series of Twitter accounts in an apparent attempt to build and amplify credibility while interacting with potential targets. Google listed specific hacker accounts in its blog post. The campaign is the latest incident of security researchers being targeted by hackers.

Government-backed hackers based in North Korea are targeting private security researchers through a variety of means including a “novel social engineering method,” Google’s Threat Analysis Group is reporting. The campaign has reportedly been ongoing for a number of months, and worryingly appears to exploit unpatched Windows 10 and Chrome vulnerabilities.
Although Google doesn’t say exactly what the goal of the hacking campaign is, it notes that the targets are working on “vulnerability research and development.” This suggests the attackers might be trying to learn more about non-public vulnerabilities that they can use in future state-sponsored attacks.
Hackers set up a network of Twitter accounts and a cybersecurity blog
According to Google, the hackers set up a cybersecurity blog and a series of Twitter accounts in an apparent effort to build and amplify credibility while interacting with potential targets. The search giant cites multiple cases of researchers’ machines having been infected simply by visiting the hackers’ blog, even when running the latest versions of Windows 10 and Chrome.
The social engineering method detailed by Google involved contacting security researchers and asking them to collaborate on their work. Once they agreed, the hackers would send over a Visual Studio Project containing malware, which would infect the target’s computer and start contacting the attackers’ server.
According to Google, the attackers used a range of different platforms, including Telegram, LinkedIn and Discord, to communicate with potential targets. Google listed specific hacker accounts in its blog post. It says anyone who has interacted with these accounts should scan their systems for any indication they’ve been compromised, and move their research activities onto a separate computer from their other day-to-day use.
The campaign is the latest incident of security researchers being targeted by hackers. Last December, leading US cybersecurity firm FireEye disclosed that it had been compromised by a state-sponsored attacker. In FireEye’s case, the target of the hack was the internal tools it uses to check for vulnerabilities in its clients’ systems.
