Google reveals North Korean-backed campaign targeting security researchers




Google’s TAG team said the attackers had contacted their intended victims, asking to collaborate on vulnerability research. Besides Twitter, they also used LinkedIn, Telegram, Discord, Keybase, and email to reach their targets, sending them a Microsoft Visual Studio project containing malware to gain access to their systems. In some cases, victims’ computers were compromised after they followed a link on Twitter to a blog run by the actors. Both methods led to the installation of a backdoor on the victims’ computers that connected them to a command and control server controlled by the attacker.

Victims’ systems were compromised while running fully patched and up-to-date Windows 10 and Chrome browsers. Google’s TAG team has so far only seen the attackers target Windows systems, but it still can’t confirm “the compromise mechanism” and encourages researchers to submit Chrome vulnerabilities to its bounty program. The team also listed all the websites controlled by the actors and the accounts it identified as part of the campaign.


