Google says North Korean state hackers are targeting security researchers on social media


  • Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.
  • The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”
  • It attributed the campaign to a government-backed entity based in North Korea.





Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.


The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”

It attributed the campaign to a government-backed entity based in North Korea. The nation’s cooperation office with South Korea did not immediately respond to CNBC’s request for comment.

Google said the actors have targeted specific security researchers with a “novel social engineering” technique, although it didn’t specify which researchers have been targeted.

Google’s Adam Weidemann said in a blog on Monday that the hackers set up a research blog and created multiple Twitter profiles to engage with security researchers.

The hackers used these accounts to post links to the blog and share videos of software exploits that they claimed to have found, Google said. 

They also used LinkedIn, Telegraph, Discord, Keybase and email to engage with security researchers, Google said.

“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together,” wrote Weidemann.

The actors then shared a group of files with the researchers that contained malware — software that is intentionally designed to cause damage to a computer, server, client, or computer network.

Google listed several accounts and websites that it believes are controlled by the hackers. The list includes 10 Twitter profiles and five LinkedIn…
