Hackers Set Their Sights On Security Researchers

Every year brings a fresh crop of cybersecurity threats. In 2020, there was a surge in breaches, with cloud-based attacks rising 630% between January and April 2020 and phishing attempts increasing 600% since the end of February.

But while companies and consumers are most often the target of hackers, a group of government-backed hackers from North Korea has set its sights on individual security researchers. Google’s Threat Analysis Group revealed this latest threat, which relies on social engineering and appears to have been going on for several months.

Social engineering attacks include phishing, fraudulent communications disguised as legitimate, spear phishing, and pretexting. That these methods are on the rise isn’t surprising, given that Microsoft has reported social engineering attacks have jumped to 20,000 to 30,000 a day in the U.S. alone. In one of the most highly publicized cases last summer, a hacker took over the Twitter accounts of several celebrities, business executives, companies, and politicians to con people into sending Bitcoin to an account. A 17-year-old hacker in Florida was eventually arrested, but not before he scammed people out of around $117,000.

According to Google, the criminals in this latest threat established a research blog and multiple Twitter profiles to interact with potential targets. They used the profiles to post links to the blog, which included “guest” posts from unwitting legitimate security researchers to make the blog look authentic.

The hackers also used platforms such as Twitter, LinkedIn, Telegram, Discord, Keybase, and email to reach out to researchers about possible collaborations on vulnerability research. They would then provide their targets with a Visual Studio project containing source code for exploiting the vulnerability, along with an additional DLL that would be executed through Visual Studio Build Events. The DLL is custom malware that immediately begins communicating with actor-controlled command-and-control (C2) domains.
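Because the malicious DLL was launched by a build event rather than by the exploit code itself, a researcher can spot it by reading the project file before ever opening it in the IDE. The following script is an added example, not code from the article or from Google’s report: it parses a .vcxproj, lists every pre-build, pre-link, post-build and custom Exec command, and flags commands that load a DLL or start a scripting host. The sample project embedded in it is constructed for the demonstration (the file name helper.dll and the setup.ps1 path are placeholders, not indicators from the campaign); it complements, rather than replaces, building untrusted projects only inside an isolated virtual machine.

```python
"""Audit a Visual Studio .vcxproj for build-event commands before building it.

Added example (not from the article or Google TAG). MSBuild runs the text of
<PreBuildEvent>, <PreLinkEvent> and <PostBuildEvent> <Command> elements and the
Command attribute of <Exec> tasks as shell commands, so any of them can start
a DLL or script that has nothing to do with the advertised exploit.
"""
import re
import xml.etree.ElementTree as ET

MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"
NS = {"m": MSBUILD_NS}

# Elements inside <ItemDefinitionGroup> whose <Command> text runs at build time.
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent")

# Heuristics that warrant a manual look: a DLL being referenced, or a host
# process that can run arbitrary code from a build step.
SUSPICIOUS = re.compile(
    r"\.dll\b|\brundll32\b|\bregsvr32\b|\bpowershell\b|\bcmd(\.exe)?\s+/c\b|"
    r"\bcscript\b|\bwscript\b|\bmshta\b",
    re.IGNORECASE,
)


def extract_build_commands(vcxproj_xml: str) -> list[tuple[str, str]]:
    """Return (location, command) for every build-time command in the project."""
    root = ET.fromstring(vcxproj_xml)
    found: list[tuple[str, str]] = []
    # <ItemDefinitionGroup Condition=...><PreBuildEvent><Command>...</Command>
    for group in root.findall("m:ItemDefinitionGroup", NS):
        cond = group.get("Condition", "")
        for tag in EVENT_TAGS:
            for event in group.findall(f"m:{tag}", NS):
                cmd = event.findtext("m:Command", default="", namespaces=NS).strip()
                if cmd:
                    found.append((f"{tag} {cond}".strip(), cmd))
    # Custom targets: <Target Name="x" BeforeTargets="Build"><Exec Command="..."/>
    for target in root.findall("m:Target", NS):
        name = target.get("Name", "?")
        for exec_task in target.findall("m:Exec", NS):
            cmd = exec_task.get("Command", "").strip()
            if cmd:
                found.append((f"Target {name}", cmd))
    return found


def flag_suspicious(commands: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Keep only the commands that match one of the review heuristics."""
    return [(loc, cmd) for loc, cmd in commands if SUSPICIOUS.search(cmd)]


# Constructed sample project (not a file from the campaign): a benign
# post-build copy step, a pre-build event that loads a DLL through rundll32,
# and a custom target that launches PowerShell. Paths are placeholders.
SAMPLE_VCXPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <PreBuildEvent>
      <Command>rundll32.exe $(SolutionDir)helper.dll,Start</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy $(TargetPath) $(SolutionDir)out\\</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Helper" BeforeTargets="Build">
    <Exec Command="powershell -ExecutionPolicy Bypass -File $(SolutionDir)setup.ps1" />
  </Target>
</Project>
"""

if __name__ == "__main__":
    commands = extract_build_commands(SAMPLE_VCXPROJ)
    print(f"{len(commands)} build-time command(s) found")
    for location, command in flag_suspicious(commands):
        print(f"REVIEW  [{location}]  {command}")
```

Run it against a real project with `extract_build_commands(open("proj.vcxproj").read())`; the same walk applies to .csproj files, which use the same MSBuild schema, and to .props/.targets files imported by the project, which should be checked as well since an `<Import>` can pull build events in from elsewhere.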

This isn’t the first time security pros have been targeted. In December, cybersecurity firm FireEye confirmed that its own systems were breached by Russian operatives using “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.

These new threats indicate that nobody is immune from cyberattacks, and even well-meaning cybersecurity researchers are themselves at risk. And while measures are certainly being put in place to prevent these types of exploitations, perhaps the most effective weapon is security education and training to ensure that individuals are aware of the myriad ways that cyber criminals may attempt to gain access to data.