Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


Security researchers under attack from North Korea

Image Description

Individuals working for Google’s Threat Analysis Group (TAG) have discovered a cyberattack campaign coming out of North Korea that appears to be targeting security researchers. The attack is broad in scope, utilizing blog posts, fake social media profiles, and email accounts to engage with the researchers.

“Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations,” Adam Weidemann, a security researcher at TAG, explained. “The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.”

Once contact had been established between the threat actor and the security researcher, an offer would be made to collaborate on a vulnerability research program. A Visual Studio Project would then be shared that would install malware on the researcher’s device.

Bad blog

It was also discovered that the North Korean hackers were deploying more than one attack method. In addition to the Visual Studio attack, they would also sometimes direct researchers to a blog hosted at "blog[.]br0vvnn[.]io" that contained malicious code.

Interestingly, some of the researchers that accessed the malware-ridden blog still got infected despite running the most up-to-date versions of Windows 10 and Google Chrome. This suggests that the cyberattackers must have employed some combination of zero-day vulnerabilities in order to infect their victims’ devices.

The Google TAG researchers have compiled a list of social media profiles used to deceive security researchers. If an individual does believe that they are likely to have been affected, they should conduct a thorough security audit of their devices immediately.

Via ZDNet


26 Jan 2021



Other Blog

  • Strategies businesses can use to out-innovate the competition

    Innovation requires thinking outside the box to spot new opportunities.

    Read More
  • PIA VPN rolls out new RAM servers with encrypted OS and more

    PIA has increased the speed, security and privacy protection of its VPN service with the rollout of its NextGen VPN Network.

    Read More
  • Google, Microsoft want to fix browser compatibility for good

    The initiative will fix five major CSS pain points in Chromium.

    Read More
  • NCSC: Stop delaying updates and get rid of Flash now

    Adobe Flash Player end of life approaches, so get rid of it now says NCSC.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us