Google has revealed that security researchers have found themselves the target of a North Korean campaign. As reported in a company blog post, the campaign has targeted researchers working on vulnerability research and development.
Government-backed attacks and campaigns are nothing strange, although they are always alarming. Back in 2018, Democrats replaced their Android phones out of fear of being hacked by bad actors.
Garmin also found itself the victim of a hacking attack from bad actors back in 2020. This resulted in the company paying a $10 million ransom fee to get its system back online.
The campaign in question here was not purely a technical hacking operation: bad actors posed as security researchers to gain credibility, and Google said the campaign relied on social engineering to engage its victims.
Google reveals a North Korean-backed attack on researchers
The method of these bad actors was to build their own research blogs and fill them with analysis of vulnerabilities. This analysis drew on information that was already publicly available, in order to make the actors seem credible.
The actors operated on Twitter and other social media sites to gain as much exposure and reach as possible. The group then contacted their victims, asking them to collaborate on research.
They used LinkedIn, Telegram, Discord, Keybase and email to reach out to their targets. They would send a Microsoft Visual Studio project containing malware to gain entry to the targets' systems, as reported by Engadget.
Some victims reported that their computers were compromised by the malware after visiting a bad actor's blog. These methods resulted in the installation of a backdoor on the victims' computers, which then connected them to an attacker-controlled command and control server.
Google has only found attackers targeting Windows systems and has not been able to identify "the mechanism of compromise". The company has asked researchers to send any Chrome vulnerabilities they find to its bug bounty program.
Google has also listed all the attacker-controlled websites it has found so far. Google released the blog post largely as a warning to researchers and the general public to remain wary of such dangers.
This is a worry for everyone who engages in vulnerability research. They now find themselves in a potentially difficult position where they cannot readily trust unsolicited contacts, since the person on the other end may not be who they claim to be.
Luckily, Google has released a lot of information on the attack and the campaign. This should help limit any further issues. However, campaigns like this tend to evolve over time, so the group may try different methods in the future.