North Korean Hackers Posed as Would-Be Collaborators to Target Security Researchers
Other Top Infosec News for 1/26/21: Former LulzSec hacker published zero-day exploit for SonicWall, Australia's corporate watchdog latest to suffer breach through Accellion, Grindr fined $11.7M, more
Google’s Threat Analysis Group said that North Korean hackers used multiple profiles on various social networks, such as Twitter, LinkedIn, Telegram, Discord, and Keybase, as well as email, to reach out to security researchers using fake personas. The threat actors asked to collaborate on vulnerability research but instead delivered a backdoor via a Visual Studio Project, which contacted a remote command and control server and waited for commands.
Sometimes the attackers asked the researchers to visit a blog that hosted malicious code that infected their machines, even in cases where the victims were running "fully patched and up-to-date Windows 10 and Chrome browser versions." (Catalin Cimpanu / ZDNet)
Related: SecurityWeek, Techmeme, Bleeping Computer, Google, BusinessLine - H…