Google says state-sponsored North Korean hackers are once again trying to target security researchers, this time with a new zero-day exploit that can spy on a victim’s computer.
The suspected North Korean hackers have been doing so by using Twitter and Mastodon social media accounts to build a “rapport with their targets,” Google warned in a blog post on Thursday.
“In one case, they carried on a months-long conversation, attempting to collaborate with a security researcher on topics of mutual interest,” the company said. “After initial contact via X, they moved to an encrypted messaging app such as Signal, WhatsApp or Wire.”
The North Korean hackers then sent a file to the security researcher that was actually a malicious software package that exploited at least one unpatched vulnerability, also known as a zero-day exploit. The attack worked by first checking to see if the security researcher’s computer had installed any antivirus software. It then proceeded to collect information, including grabbing a screenshot, which was then sent to a hacker-controlled internet domain.
Google didn’t supply details about the vulnerability, such as the software it affects. But the company has already reported the flaw to the vendor, which is in the process of patching it. “Once patched, we will release additional technical details and analysis of the exploits,” Google added.
The attack represents the latest campaign from the North Korean hackers, who have been targeting the IT security community with the same tactics since at least 2021 by pretending to be security researchers themselves. In this new campaign, Google says the North Korean actors also published a free debugging tool called “GetSymbol Project” on GitHub