In a nutshell: Google detailed how North Korean hackers mounted a sophisticated social engineering campaign to infect cybersecurity researchers with malware. The campaign included numerous social media accounts and even a research "blog" created to build credibility. Some researchers were infected through Visual Studio project files embedded with malware, while others were infected by merely visiting a website.

According to Google's Threat Analysis Group, state-sponsored North Korean hackers are targeting security researchers via social engineering. Writing in a blog post, the group says that the campaign specifically targeted researchers working on vulnerability research and development. The campaign has been going on for the "past several months."

The hackers attempted to establish a rapport with the security research community by creating a blog and several Twitter accounts. The blog itself featured write-ups of previously discovered vulnerabilities and "guest posts" with legitimate security researchers on the bylines. The various Twitter accounts would post links to their blog, retweet each other's posts, and link to YouTube videos of alleged exploits. Google says this was likely an attempt to build credibility with other researchers.

One YouTube video claimed to exploit CVE-2021-1647, an actual Windows Defender vulnerability that Microsoft recently patched. However, Google (along with eagle-eyed YouTube commenters) noticed that the video was fake. The attackers attempted to double down on their exploit claims by retweeting the video from another of their Twitter accounts, stating that "I think this is not a fake video."

Once the hackers establish communications with a security researcher, they invite the person to collaborate on some "research." The attackers then send the target a Visual Studio project file embedded with malware. When the target opens and builds the project, the malicious program runs and establishes a connection back to the hackers' command and control infrastructure.
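A Visual Studio project file is an MSBuild XML document, and MSBuild will run any shell command placed in its build events or in an `Exec` task when the project is built. Google's post said the malicious DLL in this campaign was launched through Visual Studio Build Events; this article does not go into that detail, so the triage script below is an added example rather than anything from the article or from Google. It parses a project file, lists every command that would execute during a build, and flags the ones that invoke common living-off-the-land binaries. The `.vcxproj` content and the `rundll32`/`powershell` commands in it are constructed for the example, not taken from the actual campaign.

```python
"""Triage an MSBuild project file (.vcxproj/.csproj) for commands that run during a build.

Added example: not from the article or from Google. Run it over a project file you
received from an untrusted party before opening it in Visual Studio.
"""
import xml.etree.ElementTree as ET

# Elements whose <Command> child is a shell command MSBuild executes around the build.
BUILD_EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent", "CustomBuildStep"}

# Binaries/flags that have no business in a build step of a proof-of-concept project.
SUSPICIOUS_TOKENS = (
    "rundll32", "regsvr32", "powershell", "mshta", "certutil",
    "wscript", "cscript", "bitsadmin", "-enc", "-encodedcommand",
)

# Constructed sample project (hypothetical; not an artifact from the real campaign).
SAMPLE_VCXPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>rundll32.exe $(ProjectDir)helper.dll,Init</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>echo build finished</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="powershell -w hidden -enc AAAA" />
  </Target>
</Project>
"""


def local(tag):
    """Strip the MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(xml_text):
    """Return (where, command) for every command MSBuild would run for this project."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():  # document order
        name = local(el.tag)
        if name in BUILD_EVENT_TAGS:
            for child in el:
                if local(child.tag) == "Command" and child.text and child.text.strip():
                    findings.append((name, child.text.strip()))
        elif name == "Exec":
            cmd = el.get("Command", "").strip()
            if cmd:
                findings.append(("Exec", cmd))
    return findings


def is_suspicious(command):
    """Flag commands that invoke LOLBins or encoded PowerShell."""
    lowered = command.lower()
    return any(token in lowered for token in SUSPICIOUS_TOKENS)


def triage(xml_text):
    """Return (where, command, suspicious) for each build-time command in the project."""
    return [(where, cmd, is_suspicious(cmd)) for where, cmd in find_build_commands(xml_text)]


if __name__ == "__main__":
    for where, cmd, bad in triage(SAMPLE_VCXPROJ):
        print(f"[{'SUSPICIOUS' if bad else 'ok'}] {where}: {cmd}")
```

Running the script on the sample flags the `rundll32` pre-build event and the encoded PowerShell `Exec` task while leaving the harmless `echo` alone. The keyword list is deliberately short; the more useful output is the full list of commands, since an untrusted proof-of-concept project normally needs none at all.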

Even scarier, Google confirmed that some researchers were infected by simply visiting the hackers' blog. A fully patched Windows 10 system and an up-to-date Chrome browser did not stop the infection. Unfortunately, Google could not verify exactly how the researchers' fully updated systems were compromised, other than that they all clicked on a link to a blog post that surreptitiously installed a malicious service. This service creates an in-memory backdoor to a command and control server.

The attackers used multiple social media platforms to target security researchers, including Twitter, LinkedIn, Telegram, Discord, and Keybase. Google helpfully listed every known account and domain used by the attackers. The campaign is concerning because it shows that even experienced cybersecurity experts can be fooled by a sufficiently sophisticated social engineering campaign. Anyone involved in security research should check out the full blog post, and check whether they have had contact with any of the listed accounts or domains, to lessen their chances of becoming a victim.