Google reveals North Korean-backed campaign targeting security researchers
A new ongoing campaign targeting security researchers has been uncovered by Google’s Threat Analysis Group. The attackers are going to great lengths to gain the victims’ trust, posing as researchers or students themselves. The campaign consists of sophisticated social engineering techniques to persuade the security researcher to open a Microsoft Visual Studio Project application that has been compromised with malware. Google has attributed the hacks to a government-backed entity located in North Korea.
The attacks are complex, as the threat actors take measures to appear like legitimate researchers such as building their own research blogs complete with analyses of publicly disclosed vulnerabilities. Some even maintained Twitter accounts. The attackers would contact their target seeking help on vulnerability research. Social media platforms used to make this initial contact include Twitter, LinkedIn, Telegram, Discord, Keybase, and email. All versions and methods eventually lead to the installation of a backdoor on the victim’s device.