North Korean hackers use social media to target security researchers




Cyber threat from North Korea. North Korean hacker at the computer, on a binary code background, in the colors of the DPRK flag. DDoS attack

Dmitry Nogaev | Getty Images

Google has warned that it has uncovered an “ongoing” state-sponsored, North Korean-led hacking campaign targeting cybersecurity researchers.

The Silicon Valley group said its threat analysis team discovered that cyber attackers posing as researchers had created numerous fake social media profiles on platforms such as Twitter and LinkedIn. To gain credibility, they also set up a fake blog for which they would get unwitting targets to write guest posts about actual software bugs.

After establishing communication with a real researcher, the attackers would ask the target to work together on cyber vulnerability research, and then share collaboration tools containing malicious code to install malware on the researcher’s systems.

In some cases, attackers were able to create a backdoor to the victim’s computer even when their systems were running fully patched and up-to-date Windows 10 and Chrome browser versions, Google said.

The campaign would allow the hackers to gather information about vulnerabilities that the research community was studying, which they could then exploit.

Several researchers wrote on Twitter following Google’s statement that they had been contacted by the hackers but had not been compromised.

Google attributed the latest campaign to “a government-backed entity based in North Korea,” one of the biggest sponsors of hacking alongside Russia, Iran and China.

North Korea is also among countries accused of carrying out cyber attacks to steal research and data related to the coronavirus vaccine. The Wall Street Journal reported last year that Pyongyang coordinated attacks on at least six vaccine developers, including Johnson & Johnson and Novavax in the United States, British firm AstraZeneca and several South Korean companies.

North Korea’s cyber army includes thousands of expert hackers whose activities range from smaller-scale fraud and cryptocurrency theft to theft of nuclear secrets and weapon technologies, analysts say.

Defying perceptions of the country as a technological backwater, its hackers have a history of major cyber disruption, most notably the Sony Pictures hack in 2014 and the WannaCry malware attack in 2017. In 2019, a UN sanctions report estimated that $2 billion had been raised for Kim Jong Un’s weapons program by North Korean cyber actors.

The latest campaign comes as cybersecurity companies have found themselves a particular target of hacking campaigns.

In December, cybersecurity group FireEye as well as Microsoft reported being the victims of a massive cyber espionage campaign by Russian hackers who also targeted a number of US federal agencies and private sector groups.

Additional reporting by Edward White in Seoul.

© 2021 The Financial Times Ltd. All rights reserved. Do not redistribute, copy or modify in any way.
