WASHINGTON DC (Axios): Suspected North Korean state hackers have been using social engineering schemes to target security researchers, according to researchers with Google’s Threat Analysis Group.
Using platforms “including Twitter, LinkedIn, Telegram, Discord, Keybase and email,” the hackers themselves posed as threat researchers in order to build legitimate profiles and backstories.
“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project,” write the Google researchers.
One security researcher described how he was targeted — and later compromised — by someone he later realized was a North Korean operative.
“Hey folks, story time. A guy going by the name James Willy approached me about help with a 0-day. After providing a writeup on root cause analysis I realized the visual studio project he gave me was backdoored,” wrote Aleja-ndro Caceres, the researc-her. “Anyway, yes I was hacked,” wrote Caceres. “No, no customer information was leaked, this was on a private [virtual machine] for this exact reason.”
The Google team also said that the North Korean hackers set up a phony research blog that included malicious code that compromised the devices of targets who followed links to the site.