North Korean Hackers Targeting Cybersecurity Researchers

Hackers from North Korea have embarked on a sweeping intelligence gathering campaign aimed at cybersecurity researchers who hunt for vulnerabilities in corporate networks, according to Google.

The North Korean government mounted a social engineering operation for several months in hopes of engaging with the researchers, according to Google. Essential to the attack were several research blogs, YouTube videos, LinkedIn profiles and chat groups used by the hackers to build credibility in the hopes of duping the researchers, according to a Monday blog post by Google’s Threat Analysis Group.

“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together,” reads the blog.

The request to collaborate came with a data file purportedly for research that was equipped with secret malware. If the researcher opened the file, the hidden malicious code would immediately begin communicating with the North Korean hackers, according to Google.

In other cases, the malware was installed in the researchers’ systems after they followed a Twitter link to a cybersecurity blog to review possible vulnerabilities, according to Alphabet Inc.’s Google.

©2021 Bloomberg L.P.
