Google warns of ‘new social engineering method’ used to hack security researchers




Government-backed hackers based in North Korea are targeting individual security researchers in a number of ways, including a “new method of social engineering,” Google’s Threat Analysis Group reports. The campaign has reportedly been running for several months and, worryingly, appears to exploit unpatched Windows 10 and Chrome vulnerabilities.

While Google doesn’t say exactly what the goal of the hacking campaign is, it does note that the targets are working on “research and development of vulnerabilities.” This suggests that attackers may be trying to find out more about non-public vulnerabilities they can use in future state-sponsored attacks.

According to Google, the hackers created a cybersecurity blog and a series of Twitter accounts in an apparent attempt to build and amplify credibility while interacting with potential targets. The blog focused on writing about vulnerabilities that are already public. Meanwhile, the Twitter accounts posted links to the blog, along with other alleged exploits. At least one of the alleged exploits was rigged, according to Google. The search giant cites several cases of researchers’ machines being infected simply by visiting the hackers’ blog, even while running the latest versions of Windows 10 and Chrome.

The social engineering method Google described involved reaching out to security researchers and asking them to collaborate on their work. However, once they agreed, hackers would send a Visual Studio project containing malware, which would infect the target’s computer and start contacting the attackers’ server.

According to Google, the attackers used a range of different platforms – including Telegram, LinkedIn and Discord – to communicate with potential targets. Google has listed specific hacker accounts in its blog post. It says anyone who has interacted with these accounts should scan their systems for any indication of compromise and move their research activities to a computer separate from the one they use for other day-to-day work.

The campaign is the latest incident of security researchers being targeted by hackers. Last December, a major US cybersecurity firm, FireEye, revealed it had been compromised by a state-sponsored attacker. In the case of FireEye, the target of the hack was the internal tools it uses to check for vulnerabilities in its customers’ systems.
