Google reveals North Korean-backed campaign targeting security researchers



Google’s TAG team said the attackers contacted their intended victims and asked to collaborate on vulnerability research. Besides Twitter, they used LinkedIn, Telegram, Discord, Keybase, and email to reach their targets, then sent a Microsoft Visual Studio project containing malware to gain access to the victims’ systems. In some cases, victims’ computers were compromised after they followed a link on Twitter to a blog run by the attackers. Both methods installed a backdoor on the victims’ computers that connected to a command-and-control server operated by the attacker.

Victims’ systems were compromised while running fully updated Windows 10 and Chrome browsers. So far, Google’s TAG team has seen the attackers targeting Windows only, but it is still unable to confirm the mechanism of compromise and encourages researchers to submit Chrome vulnerabilities to its bug bounty program. The team also listed all of the websites the actor controlled and the accounts it had identified as part of the campaign.


admin
