North Korean Hackers Target Cybersecurity Researchers via Zero-Day Exploitation

North Korean threat actors have been targeting the cybersecurity community recently by exploiting a zero-day software vulnerability. Google’s Threat Analysis Group (TAG) discovered that these attackers created fake accounts on social media platforms like X (formerly Twitter) and Mastodon to build relationships with potential targets.

They even engaged in lengthy conversations with security researchers, moving to encrypted messaging apps like Signal, WhatsApp, or Wire. Through social engineering, they tricked victims into downloading a malicious file containing a zero-day exploit. This exploit checked for virtual machines and sent data, including screenshots, to an attacker-controlled server.

One of their suspended accounts on X has been active since at least October 2022, where they released proof-of-concept exploit code for Windows Kernel vulnerabilities. This method of collaboration-themed lures is not new, as North Korean actors have used it before to infect victims.

Google TAG also discovered a Windows tool called “GetSymbol,” hosted on GitHub, which the attackers developed as a secondary infection vector. This tool, available since September 2022, allowed reverse engineers to download debugging symbols but could also execute arbitrary code fetched from a command-and-control domain, according to The Hacker News.

Furthermore, North Korean threat actors, known as ScarCruft, have used LNK file lures in phishing emails to deliver a backdoor for data theft and malicious instructions. Microsoft reported that multiple North Korean threat actors have targeted the Russian government and defense industry while supporting Russia in its conflict with Ukraine.

Additionally, North Korean threat actors have breached defense companies and research institutions in various countries, including Germany, Israel, Russia, Brazil, Czechia, Finland, Italy, Norway, and Poland, to bolster their military capabilities.

Lastly, the Lazarus Group, another North Korean actor, was implicated in stealing $41 million in virtual currency from Stake.com, an online casino and betting platform. These cyber operations serve North Korea’s objectives of intelligence collection, military enhancement, and cryptocurrency acquisition.