Hackers target security researchers
Google is currently warning of targeted cyberattacks by a group that is after security vulnerabilities in IT products. Particularly perfidious: the cybercriminals pose as security forensics experts in order to obtain more confidential information about exploits.
A hacker group believed to be from North Korea appears to be targeting cybersecurity experts. Google security researcher Adam Weidemann of the Threat Analysis Group warns of this in a blog post. He believes that the attackers are targeting multiple companies and security professionals to capture more information about vulnerabilities in IT products.
Hackers disguise themselves as security researchers
The approach is interesting and perfidious: the hackers pose as security researchers. To do this, they built up their own community and used a research blog as a front, recycling the work of other security researchers, in order to exchange more and more information with genuine security researchers via direct messages. It was therefore a targeted social engineering attack that first set out to gain credibility with other security researchers.
In some cases, contact was made via Twitter, with the supposed security researchers offering to collaborate and drawing attention to recently discovered exploits. The perpetrators then sent a manipulated Visual Studio project; Visual Studio is normally used to develop and test software code. The development environment was then typically used to inject malware onto the victims' computers, and the malware could in turn connect to a command-and-control server owned by the hackers.
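The article does not say how the manipulated project delivered the malware. One defensive check before opening or building a project received from an unknown contact is to list every command the build itself would run. The sketch below is an added example, not taken from Google's report; it assumes build-time command hooks in MSBuild project files (PreBuildEvent, PreLinkEvent, PostBuildEvent and Exec tasks), and the sample project is constructed.

```python
import xml.etree.ElementTree as ET

# MSBuild elements whose commands run as part of a build.
BUILD_EVENTS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent"}

# Constructed sample project (harmless placeholder commands).
SAMPLE_PROJECT = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>echo constructed-prebuild-placeholder</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="echo constructed-exec-placeholder" />
  </Target>
</Project>"""


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(project_xml):
    """Return (element, command) pairs for commands a build would execute."""
    if "<!DOCTYPE" in project_xml:
        # Untrusted input: refuse DTDs instead of risking entity expansion.
        raise ValueError("DOCTYPE not expected in a project file")
    findings = []
    for elem in ET.fromstring(project_xml).iter():
        name = local_name(elem.tag)
        if name in BUILD_EVENTS:
            # .vcxproj nests <Command>; .csproj puts the text in the element.
            cmds = [c.text for c in elem if local_name(c.tag) == "Command"]
            for cmd in cmds or [elem.text]:
                if cmd and cmd.strip():
                    findings.append((name, cmd.strip()))
        elif name == "Exec" and (elem.get("Command") or "").strip():
            findings.append((name, elem.get("Command").strip()))
    return findings


if __name__ == "__main__":
    for element, command in find_build_commands(SAMPLE_PROJECT):
        print(f"{element}: {command}")
```

An empty result only means no build-time commands were found in that file; it says nothing about the source code or binaries shipped alongside it.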
Another method was to spread malicious code through malicious links on the group's own blog. As Google warns, the affected Windows 10 systems with the Chrome browser were up to date at the time and yet not immune to the attacks.
More details about fake accounts in the Google Threat Report
Source: blog.google/threat-analysis-group