On Tuesday, CNBC reported that Google has uncovered a new twist in the cyber spy game, courtesy of North Korean state hackers who are trying yet another hacking angle. This time, it appears they’re targeting security researchers directly on social media.
Google’s Threat Analysis Group (TAG) uncovered a campaign in which bad actors worked a confidence ploy to build credibility with security researchers by standing up a research blog. The fraudsters also created multiple Twitter profiles and personas on LinkedIn, Telegram, Discord, Keybase, and via email so they could interact with potential targets. A brassy bunch, the actors even used their new Twitter profiles to post links to their blog and videos of their claimed exploits.
Anyone concerned should pay attention to the details
To date, Google’s threat analysts say they’ve only seen these actors targeting Windows systems as part of this campaign, and that even computers running "fully patched and up-to-date Windows 10 and Chrome browser versions" still got infected.
Nonetheless, a red flag has been raised, and Google recommends that potential targets compartmentalize their research activities by “using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research.”
To help identify the sites, blogs, and accounts to stay away from, TAG has published a full list of actor-controlled sites and accounts. It’s available here.
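One way a researcher or a security team can act on such a list is to sweep browser history exports and chat logs for the published domains and account handles. The script below is an added example, not code from the article or from Google TAG; the indicator values in it are constructed placeholders (the `.invalid` domains and the handles are made up), so the real TAG list would have to be substituted before use, and the profile-URL layouts for Twitter and LinkedIn are assumed.

```python
import re
from urllib.parse import urlparse

# Constructed placeholder indicators. These are NOT the real TAG-published
# list; substitute the entries from that list when using this for real.
BLOCKED_DOMAINS = {
    "example-research-blog.invalid",
    "fake-exploit-videos.invalid",
}
BLOCKED_HANDLES = {
    "twitter": {"fake_researcher_01"},
    "linkedin": {"fake-infosec-persona"},
}

# Where the account name sits in a profile URL's path for each platform
# (assumed layouts: twitter.com/<handle>, linkedin.com/in/<handle>).
PLATFORM_PATH_INDEX = {"twitter.com": ("twitter", 0), "linkedin.com": ("linkedin", 1)}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Bare @handle mentions in chat text; the lookbehind keeps e-mail
# addresses (user@host) from being read as handles.
HANDLE_RE = re.compile(r"(?<![\w.])@([A-Za-z0-9_]{1,30})")


def domain_blocked(host):
    """True if host equals a blocked domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def profile_handle(host, path):
    """Return (platform, handle) if the URL is a profile on a known platform."""
    host = host.lower()
    if host.startswith("www."):
        host = host[4:]
    if host not in PLATFORM_PATH_INDEX:
        return None
    platform, idx = PLATFORM_PATH_INDEX[host]
    segments = [s for s in path.split("/") if s]
    if len(segments) <= idx:
        return None
    return platform, segments[idx].lower()


def check_line(line):
    """Return a list of ('domain', host) / ('handle', 'platform:name') hits."""
    hits = []
    for url in URL_RE.findall(line):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if domain_blocked(host):
            hits.append(("domain", host))
            continue
        prof = profile_handle(host, parsed.path)
        if prof and prof[1] in BLOCKED_HANDLES.get(prof[0], set()):
            hits.append(("handle", f"{prof[0]}:{prof[1]}"))
    for handle in HANDLE_RE.findall(line):
        # Bare @mentions are assumed to be Twitter handles.
        if handle.lower() in BLOCKED_HANDLES["twitter"]:
            hits.append(("handle", f"twitter:{handle.lower()}"))
    return hits


def scan_lines(lines):
    """Scan numbered lines and return (line_no, kind, value) for every hit."""
    return [(i, kind, value)
            for i, line in enumerate(lines)
            for kind, value in check_line(line)]


# Constructed sample lines: a browser-history export and a chat log excerpt.
SAMPLE_LINES = [
    "2021-01-25 10:02 visited https://example-research-blog.invalid/posts/new-0day",
    "2021-01-25 10:05 visited https://www.linkedin.com/in/fake-infosec-persona/",
    "2021-01-25 10:07 dm from @fake_researcher_01: interested in collaborating?",
    "2021-01-25 10:09 visited https://github.com/some-legit-project",
]

if __name__ == "__main__":
    for line_no, kind, value in scan_lines(SAMPLE_LINES):
        print(f"line {line_no}: blocked {kind} {value}")
```

Subdomains of a blocked domain count as hits, and a bare `@name` in chat text is only matched when it is not part of an e-mail address; run it over exported history or message logs from the machine used for research-community contact, which is the one Google's compartmentalization advice singles out.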
Google remains vigilant about security issues. To help circle the wagons against digital insurrections, the company offers rewards of up to $150,000 for anyone who can lead them to Chrome-related vulnerabilities like the ones leveraged in this situation.