Google recently announced that a hacking group from North Korea has been targeting members of the cybersecurity community who were engaging in vulnerability research.
The attacks were discovered by the Google Threat Analysis Group (TAG), a security team specializing in hunting advanced persistent threat (APT) groups. The TAG team stated that the North Korean hackers used fake personas, with profiles on various social networks or emails, to reach out to security researchers.
The hackers then asked the researchers if they were interested in collaborating on vulnerability research before giving them a Visual Studio project. The Visual Studio project contained malicious code that would install malware on the targeted researcher’s operating system.
The malware was found to be linked to the Lazarus Group, a well-known North Korean state-sponsored operation.
In other cases, the hackers shared with the researchers a blog that hosted malicious code, which would then infect the researcher’s computer once they accessed the site.
The Google TAG team is currently investigating the attack and is asking members of the cybersecurity community to come forward if they know anything about it. Security researchers were also advised to review their browsing histories to make sure they weren’t targeted as well.
Targeting security researchers could give the hackers access to the vulnerabilities under research, which they could then exploit and deploy in their own attacks.