North Korea-based government-backed hackers are targeting individual security researchers through a number of means, including a “novel social engineering method,” Google’s Threat Analysis Group is reporting. The campaign has reportedly been going on for several months, and appears to exploit worryingly still-undisclosed Windows 10 and Chrome vulnerabilities.
Although Google does not say what the purpose of the hacking campaign is, it notes that the targets work on “vulnerability research and development”. This suggests that the attackers may be trying to learn about non-public vulnerabilities that they could use in future state-sponsored attacks.
According to Google, the hackers set up a research blog and a series of Twitter accounts in an apparent effort to build credibility when interacting with potential targets. The blog contained write-ups of vulnerabilities that were already public. Meanwhile, the Twitter accounts posted links to the blog, as well as videos of their claimed exploits. According to Google, at least one of these claimed exploits was faked. The search giant’s researchers also cite several cases in which machines running fully up-to-date versions of Windows 10 and Chrome were infected simply by visiting the hackers’ blog.
The social engineering method outlined by Google involved contacting security researchers and asking them to collaborate on their work. Once a researcher agreed, the hackers would send a Visual Studio project containing malware, which would infect the target’s computer and begin contacting the attackers’ servers.
According to Google, the attackers used a range of different platforms – including Telegram, LinkedIn and Discord – to communicate with potential targets. Google listed the specific accounts used by the hackers in its blog post. It states that anyone who has interacted with these accounts should scan their system for any indication that it has been compromised, and should move their research activities onto a computer separate from the one they use day to day.
The campaign is the latest incident of security researchers being targeted by hackers. Last December, FireEye, a major US cybersecurity firm, revealed that it had been compromised by a state-sponsored attacker. In FireEye’s case, the hack targeted the internal tools it uses to check for vulnerabilities in its customers’ systems.