North Korean Hackers Are Targeting Cybersecurity Researchers By Posing As Bloggers, Google Says


Jonathan Snyder Contributor

Google has identified a complex hacking campaign coordinated by the North Korean government, according to a recent report.

The hackers reportedly used a variety of platforms such as “Twitter, LinkedIn, Telegram, Discord, Keybase and email” to trick their victims and find vulnerabilities in their software, according to a Google blog post published Monday.

The government actors reportedly established credibility by creating research blogs and utilizing fake Twitter accounts to repost links and contact their targets. The blogs, which allowed guest posts by notable security researchers, strengthened their credibility, giving their victims a sense of security and trust.

Google claims that the hackers were assisted by a “government-backed entity” based in North Korea but has not given further details.

“In each of these cases, the researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher’s system and an in-memory backdoor would begin beaconing to an actor-owned command and control server,” threat analyst Adam Weidemann wrote in the blog post.

The hackers have only targeted Windows systems, but Google experts are reportedly at a loss as to what vulnerability they have utilized to stage the attacks.

“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions. At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have,” Weidemann added.

Google is currently offering a cash reward under “Chrome’s Vulnerability Reward Program” for anyone who can expose an unknown vulnerability in the software.