(PresidentialWire.com) - Things aren’t looking good for the relationship between North Korea and the United States with Joe Biden in the White House. Big Tech behemoth Google has reportedly identified a complex hacking campaign that it believes is organized and run by the corrupt communist government of North Korea.
In a Google blog post published on Monday, the search engine giant and owner of YouTube revealed how hackers are reportedly using a range of social media platforms to trick victims and discover vulnerabilities in software. The blog reveals how North Korean hackers are using Telegram, Discord, email, Keybase, Twitter, and LinkedIn to find their victims.
“Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations,” the blog post revealed.
“The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below,” they added, before saying that they hoped the post would remind those within the security research community that they are targets of government-backed attackers.
Google explained how the actors established multiple Twitter profiles and a research blog to build credibility and engage with their targets. They would use the accounts to post videos of their claimed exploits and gain retweets from other accounts that they also controlled.
The blogs shared on Twitter allowed guest posts by notable security researchers, too, giving victims a sense that the accounts they were interacting with were legitimate.
“In each of these cases, the researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher’s system and an in-memory backdoor would begin beaconing to an actor-owned command and control server,” Adam Weldmann, a threat analyst, explained in the post.
Google experts say they do not know which vulnerabilities were used to pull off the attacks.
“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” Weldmann said, explaining how researchers were using secure systems.
Google TAG analysis into North Korea APT targeting #cybersecurity researchers is worth checking “If you have communicated with any of these accounts or visited the actors’ blog, we suggest you review your systems for the IOCs provided below” https://t.co/hvmVywfrqw #malware
— Raj Samani (@Raj_Samani) January 26, 2021
“At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have,” he said.
There is currently a cash reward available from Google for anyone who can find vulnerabilities in the Google Chrome software…so now might be the time for security experts and hackers to start figuring this one out.
Meanwhile, what will President Joe Biden do about this?