North Korean Hackers Use Zero-Day Exploit to Hit Security Researchers
Google says state-sponsored North Korean hackers are once again trying to target security researchers, this time with a new zero-day exploit that can spy on a victim’s computer. 

The suspected North Korean hackers are using Twitter and Mastodon social media accounts to build a “rapport with their targets,” Google warned in a blog post on Thursday. 

“In one case, they carried on a months-long conversation, attempting to collaborate with a security researcher on topics of mutual interest,” the company said. “After initial contact via [Twitter], they moved to an encrypted messaging app such as Signal, WhatsApp, or Wire.”

The North Korean hackers then sent the security researcher a malware-laden file that exploited at least one unpatched, previously unknown vulnerability (a zero-day), making the attack a zero-day exploit. The malware first checked whether the researcher’s computer had any antivirus software installed. It then collected information, including a screenshot, and sent it to a hacker-controlled internet domain.

Google didn’t supply details on the vulnerability, such as the software it attacked. But the company reported the flaw to the vendor, which is in the process of patching it. “Once patched, we will release additional technical details and analysis of the exploits,” Google added. 

The attack represents the latest campaign from the North Korean hackers, who have been targeting the IT security community with the same tactics since at least 2021 by pretending to be security researchers. In this new campaign, Google says the North Koreans also published a free debugging tool called “GetSymbol Project” on GitHub to trick security researchers into downloading it. In reality, the tool has “the ability to download and execute arbitrary code from an attacker-controlled domain,” meaning it can secretly infect a PC with malware.

“If you have downloaded or run this tool, TAG [Google’s Threat Analysis Group] recommends taking precautions to ensure your system is in a known clean state, likely requiring a reinstall of the operating system,” Google warns.

To protect users, Google says its Chrome browser will start flagging…

Source…