
North Korean hackers target cybersecurity community with zero-day attacks

Sophisticated tactics deployed by North Korean hackers shake cybersecurity community

North Korean hackers are targeting the cybersecurity community, using social engineering tactics to establish trust with their victims. They exploit zero-day vulnerabilities in popular software, evade detection through anti-VM checks, and gather information from victims' systems. This is not their first collaboration-themed attack, as they have previously used fake personas on GitHub to lure victims. Multiple North Korean threat actors have been targeting the Russian government and defense industry, as well as supporting Russia in its conflict with Ukraine, according to Microsoft.


Threat actors associated with North Korea have been observed engaging in a series of targeted attacks against the cybersecurity community. These attacks leverage a zero-day vulnerability in undisclosed software, serving as the entry point for infiltrating the victims' systems.

Building trust through social engineering

Google's Threat Analysis Group (TAG) recently uncovered the tactics employed by these threat actors. They create fake accounts on social media platforms such as X and Mastodon to establish relationships with potential targets. Over an extended period of time, the attackers engage in conversation, looking to collaborate with security researchers on mutually interesting topics. After initial contact on social media, the conversation usually moves to encrypted messaging apps like Signal, WhatsApp, or Wire.

Exploiting a zero-day vulnerability and anti-VM checks

Once trust is established, the adversary proceeds to deliver a malicious file containing at least one zero-day vulnerability within a widely used software package. The vulnerability is currently being addressed by the respective vendor. Upon execution, the payload performs various anti-virtual machine checks to evade detection. It gathers relevant information, including a screenshot, which is then transmitted back to a server controlled by the attacker.

History of collaboration-themed lures and additional attack methods

This type of collaboration-themed baiting technique is not new for North Korean threat actors. In a similar campaign uncovered in July 2023 by GitHub, fake personas were used to lure victims, including those in the cybersecurity sector, into collaborating on GitHub repositories. In the recent findings by Google, it was also discovered that the attackers developed a standalone Windows tool called "GetSymbol," hosted on GitHub. The tool was used as a potential secondary infection vector, allowing for the download and execution of arbitrary code from a command-and-control domain. It is worth noting that multiple North Korean threat actors have been targeting the Russian government and defense industry, alongside providing support to Russia in its conflict with Ukraine, according to recent findings by Microsoft.


09/08/2023 09:21

Marco Verro
