Google's Threat Analysis Group has identified an ongoing campaign that has targeted security researchers working on vulnerability research over the past few months.
The team says a government-backed entity based in North Korea is behind the attacks, which typically rely on social engineering to interact with victims.
In a post detailing the campaign, Adam Weidemann of Google's Threat Analysis Group explained that the attackers go to great lengths to gain victims' trust, often by posing as researchers themselves.
The attackers built their own research blog and filled it with analyses of publicly disclosed vulnerabilities to make it appear legitimate.
They also maintained Twitter accounts to post videos of their alleged exploits in order to reach as many people as possible.
In at least one case, Google found that a Twitter account defended a video the attackers had posted on YouTube, which purported to show a working exploit that turned out to be fake.
According to the Google Threat Analysis Group, the attackers contacted their intended victims and asked to collaborate on vulnerability research.
Besides Twitter, they also used LinkedIn, Telegram, Discord, Keybase and email to reach their targets, sending a Microsoft Visual Studio project laced with malware to compromise their systems.
In some cases, victims' computers were compromised after they followed a link on Twitter to the attackers' blog.
Both methods led to the installation of a backdoor on the victims' computers that connected them to a command-and-control server operated by the attackers.
The victims' systems were compromised while the Google Chrome browser and an up-to-date Windows 10 operating system were running.
The Google Threat Analysis Group believes the attackers have so far targeted only Windows systems, but it has not yet been able to confirm the mechanism of compromise and encourages researchers to report Chrome browser vulnerabilities to the bug bounty program.
The Google Threat Analysis Group has also listed all websites controlled by the attackers and the accounts it identified as part of the campaign.