Google reveals North Korean-backed campaign targeting security researchers


Google’s TAG team said the attackers contacted their intended victims, asking to collaborate on vulnerability research. Aside from Twitter, they also used LinkedIn, Telegram, Discord, Keybase and email to reach out to their targets, sending them a Microsoft Visual Studio Project with malware to gain entry to their systems. In some cases, victims’ computers were compromised after visiting a bad actor’s blog after following a link on Twitter. Both methods led to the installation of a backdoor on the victims’ computers that connected them to an attacker-controlled command and control server.

The victims’ systems were compromised while running fully patched and up-to-date Windows 10 and Chrome browsers. Google’s TAG Team has only seen the attackers targeting Windows systems, thus far, but it still can’t confirm “the mechanism of compromise” and is encouraging researchers to submit Chrome vulnerabilities to its bug bounty program. The team has also listed all the actor-controlled websites and accounts it has identified as part of the campaign.





Source link

Google reveals North Korean-backed campaign targeting security researchers

by govindparmar time to read: 1 min
0