A North Korean government-backed hacking group has been exploiting security researchers' interest in vulnerability research and exploit development to lure them into compromise, according to a recent Google Threat Analysis Group report.
Fake personas on social sites
The threat actors were observed creating fake Twitter profiles and research blogs discussing already-known vulnerabilities in order to build a convincing persona of a security researcher. Using these fake but credible accounts, they attempted to contact targeted security researchers over social networks and messaging platforms, including Twitter, LinkedIn, and Telegram.
- To build additional credibility, the attackers amplified their content with other fake Twitter accounts and published guest posts written by unwitting, legitimate security researchers.
- After establishing contact with a researcher, the threat actors infected the researcher's computer, either with custom backdoor malware delivered through the collaboration or by exploiting zero-day vulnerabilities.
- They also used a novel social engineering technique against researchers whose machines were running fully patched Windows 10 with the latest version of Google Chrome, meaning that being up to date on patches alone did not prevent compromise.
Recent attacks on security vendors
Hackers have also recently been seen targeting well-known security vendors, using them as a stepping stone to attack the vendors' existing customer bases.
- In a coordinated attack, hackers exploited a zero-day vulnerability in the VPN products of the security hardware manufacturer SonicWall.
- Hackers actively exploited a hardcoded credential backdoor in Zyxel firewalls and AP controllers to log in with administrative privileges and compromise Zyxel networking devices.
From experienced security researchers to renowned security vendors, notorious hackers are sparing no one. This proves the point that cybersecurity measures are essential for everyone: from basic software updates to advanced security precautions, one should never let one's guard down.