North Korea hackers use social media to target security researchers

January 26, 2021

Google has warned it has uncovered an “ongoing” state-backed hacking campaign run by North Korea targeting cyber security researchers.

The Silicon Valley group said its threat analysis team found that cyber attackers posing as researchers had created numerous fake social media profiles on platforms such as Twitter and LinkedIn. To gain credibility, they also had set up a fake blog for which they would get unwitting targets to write guest posts about actual software bugs.

After establishing communication with an actual researcher, the attackers would ask the target to work together on cyber vulnerability research and then share collaboration tools containing malicious code to install malware on the researcher’s systems.

In some cases, the attackers were able to create a backdoor to the victim’s computer even when their systems were running fully patched and up-to-date Windows 10 and Chrome browser versions, Google said.

The campaign would allow the hackers to glean insights into the vulnerabilities the research community was studying, in order to exploit them.

Several researchers wrote on Twitter in the wake of the Google statement that they had been contacted by the hackers but had not been compromised.

Google attributed the latest campaign to “a government-backed entity based in North Korea”—one of the biggest state sponsors of hacking alongside Russia, Iran, and China.

North Korea is also among the countries that have been accused of carrying out cyber attacks to steal coronavirus vaccine-related research and data. The Wall Street Journal reported last year that Pyongyang had coordinated attacks on at least six vaccine developers, including Johnson & Johnson and Novavax in the US, the UK’s AstraZeneca, and several South Korean companies.

According to analysts, North Korea’s cyber army comprises thousands of expert hackers whose targets range from smaller-scale fraud and theft of cryptocurrencies to stealing nuclear secrets and weapons technology.

Belying perceptions of the country as a technological backwater, its hackers have a record of major cyber disruptions including hacking Sony Pictures in 2014 and the WannaCry malware attack in 2017. In 2019, a UN sanctions report estimated that $2 billion had been raised for Kim Jong Un’s weapons program via North Korean cyber actors.

The latest campaign comes as cyber security companies have found themselves a particular target of hacking campaigns.

In December, cyber security group FireEye as well as Microsoft reported that they had been victims of a sprawling cyber espionage campaign run by Russian state hackers that also targeted a number of US federal agencies and private sector groups.

Additional reporting by Edward White in Seoul.

© 2021 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.