Go to listing page

North Korean Hackers Exploiting Psychological Weaknesses

North Korean Hackers Exploiting Psychological Weaknesses
Vulnerability researchers are, undoubtedly, very security conscious, however, they are not above psychological weaknesses. These weaknesses are being exploited by North Korean hackers for the purpose of stealing research content.

What happened?

One fine day, a security researcher received an unsolicited message on Twitter. The sender claimed to be a bug hunter and expressed interest in Chrome and Windows vulnerabilities. Nonetheless, this is not an isolated incident. Dozens of vulnerability researchers were targeted in the same way across the U.S., China, and Europe. As per Google Threat Analysis Group (TAG), these messages were sent by North Korean state-sponsored hackers in an attempt to exploit unpatched vulnerabilities in Chrome and Windows 10. 

The impact

The campaign has already compromised some Chinese security researchers and sensitive information has been leaked. The TAG team has labeled this campaign as a novel social engineering tactic. 

Taking advantage of psychological weakness

  • By pretending to be another security researcher and not having usual demands such as money as seen in typical scams, attackers nudge security researchers to lower their defenses.
  • The Visual Studio Project sent by the attacker is in plaintext and the security researcher often doesn’t audit the compiled code configuration file, and hence, fails to realize that the malicious code will be implemented during the compilation process.

Links to North Korea

  • The attackers used the infrastructure of the Lazarus APT group.
  • A Kaspersky Labs researcher tweeted that one of the tools employed in the attack is used by Lazarus.
  • Moreover, on comparing this attack with the one conducted in September 2020, it has been found that the Lazarus group is connected.

The bottom line

It should be noted that the attackers were not confined to only Twitter but set up identities across Discord, LinkedIn, Keybase, and Telegram. As of now, the number of successful breaches is unknown. Although the tactic was unique considering the targeting of security researchers, it is not technically novel. This incident is a reminder to maintain your psychological defenses and stay vigilant.

Cyware Publisher