North Korean hackers target security researchers

A few days ago, security researchers at Google's security lab discovered that a North Korean hacking group had been posing as security researchers in order to run social engineering attacks against real security researchers.

The investigation so far shows that some security researchers were indeed deceived, and the methods the group used can only be described as novel for the industry.

Had Google's researchers not uncovered it, more security researchers might have been deceived. I would also remind everyone to treat information found online with caution.

Security researchers are also called white-hat hackers: people who use technical means to conduct offensive and defensive research, not in order to cause damage but to improve security.

The "hackers" we usually mean are black-hat hackers, who use their technical skills to maliciously damage target computers or steal data from systems.

White-hat and black-hat hackers have always been opposing camps. I did not expect that a North Korean hacking group would pose as white hats on Twitter in order to make contact and strike up conversations with security researchers.

Its ultimate goal was to gain the trust of the white hats and send them malware, so as to compromise their computers and collect the vulnerabilities and related information stored on them.

To achieve this, the North Korean group set up multiple accounts on Twitter, all with profiles designed to attract the attention of security researchers.

These personas also ran their own independent security blogs presenting research on certain vulnerabilities; the content was, of course, stolen from others.

Once the accounts had built up a following, they could draw the attention and trust of some white hats. The hackers would then get closer to a researcher and ask whether they were willing to collaborate on researching a vulnerability. Under normal circumstances, most researchers would agree.

Researchers who agreed to collaborate received a Visual Studio project from the hacker. On the surface, it was a project and code base for studying a particular vulnerability.

In fact, it contained malware. When the researcher ran it, it immediately connected to a C&C server and received instructions issued by the hackers. Their purpose was most likely to steal the vulnerabilities the researchers were working on.
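A Visual Studio project can execute arbitrary commands during a build through build events and MSBuild `Exec` tasks, so a shared project is worth inspecting before it is opened and built on a research machine. The following script is an added example written for this article, not code from Google or from the report it describes; it parses a `.vcxproj` file and lists every build step that runs a command. The two project files embedded in it are constructed samples, and the command strings in them (`helper.exe --init`, `powershell -File setup.ps1`) are placeholders, not indicators from the real campaign.

```python
"""Scan a Visual Studio C++ project (.vcxproj) for build steps that execute commands.

A clean research project normally compiles sources and nothing else; any
PreBuildEvent, PostBuildEvent, CustomBuildStep or <Exec> task is a place where
code runs on the reviewer's machine as soon as the project is built.
"""
import xml.etree.ElementTree as ET

MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"

# Elements whose <Command> child is run by MSBuild during the build.
COMMAND_ELEMENTS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep")


def find_build_commands(vcxproj_xml: str) -> list:
    """Return (element name, command) pairs for every build step that runs a command."""
    root = ET.fromstring(vcxproj_xml)
    ns = {"m": MSBUILD_NS}
    findings = []
    for name in COMMAND_ELEMENTS:
        for event in root.iter(f"{{{MSBUILD_NS}}}{name}"):
            cmd = event.find("m:Command", ns)
            # Empty <Command/> elements are common in generated projects and harmless.
            if cmd is not None and cmd.text and cmd.text.strip():
                findings.append((name, cmd.text.strip()))
    # <Exec Command="..."/> tasks inside <Target> elements also run shell commands.
    for exec_task in root.iter(f"{{{MSBUILD_NS}}}Exec"):
        cmd = exec_task.get("Command", "").strip()
        if cmd:
            findings.append(("Exec", cmd))
    return findings


def scan_file(path: str) -> list:
    """Convenience wrapper: scan a .vcxproj on disk."""
    with open(path, encoding="utf-8") as fh:
        return find_build_commands(fh.read())


# Constructed sample: a project that only compiles one source file.
CLEAN_VCXPROJ = f"""<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="{MSBUILD_NS}">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
  </ItemGroup>
</Project>
"""

# Constructed sample: the same project with a pre-build event and an Exec task.
# The command strings are placeholders, not real indicators.
SUSPICIOUS_VCXPROJ = f"""<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="{MSBUILD_NS}">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>helper.exe --init</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command></Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="powershell -File setup.ps1" />
  </Target>
</Project>
"""

if __name__ == "__main__":
    for label, xml_text in (("clean", CLEAN_VCXPROJ), ("suspicious", SUSPICIOUS_VCXPROJ)):
        hits = find_build_commands(xml_text)
        print(f"{label}: {len(hits)} build command(s)")
        for element, command in hits:
            print(f"  {element}: {command}")
```

Any hit is a reason to read the project file and the referenced scripts or binaries before building, and to do so only inside the isolated environment the article recommends below; a clean project yields an empty list.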

Google's security experts also found fake exploit videos posted by these accounts, presumably intended to enhance their credibility.

For example, one of the accounts posted a video of an exploit for CVE-2021-1647, a vulnerability that Microsoft fixed earlier this month.

The demo video produced by the hackers did not actually exploit the vulnerability successfully; after all, it had already been patched, and many researchers questioned the process in the comments under the original video.

The group also used other fake accounts it had created to repost the video and claim that it was not a fake attempt, in order to confuse the audience, but even these posts served to attract attention.

It is worth noting that it remains unclear whether this group actually holds any real unpatched vulnerabilities; the videos found so far are definitely forged.

Given the social engineering involved, Google believes it needs to give security researchers more advice: in particular, computers used to study vulnerabilities should be isolated, preferably by doing the work in virtual machines.

That way, even if malware turns up, it can only damage the virtual machine and cannot infect the main computer. At the same time, you should contact the software developers to disclose the vulnerability.

Researchers who specialize in security are now themselves targets of hackers, so they must pay attention to their own security, especially that of their personal data, in their daily research.