- Sputnik International
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

Google Claims North Korean Hackers Penetrate Security Researchers’ ‘Up-to-Date Windows 10 Versions’

CC0 / / Hacker
Hacker - Sputnik International
In mid-August 2020, the UK-based Clear Sky cybersecurity company claimed that North Korea-affiliated hackers had managed to compromise Israel’s defence networks.

The Google Threat Analysis Group (TAG) has spotted a hacking attack on cyber security researchers that was allegedly conducted by those related to the so-called Lazarus Group, believed to be linked to the North Korean government.

The TAG claimed in a report on Tuesday that “a government-backed entity based in North Korea” used fake profiles on various social networks, including Twitter, LinkedIn, Telegram, Discord, and Keybase, to approach security specialists involved in vulnerability research.

TAG’s Adam Weidemann, for his part, explained that in some instances, the hacking group used emails to establish initial communications with the targeted persons.

Shortly after, “the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project”, which contained a malicious code that installed malware on the researcher's operating system, according to Weidemann.

He added that after “a malicious service was installed on the researcher's system”, the so-called in-memory backdoor “would begin beaconing to an actor-owned command and control server”.

In some other cases, the hackers asked security researchers to open a link that they had hosted at blog[.]br0vvnn[.]io, Weidemann said.

The TAG researcher pointed out that many victims who entered the site “were running fully patched and up-to-date Windows 10 and Chrome browser versions” and that at the moment, the TAG is “unable to confirm the mechanism of compromise” even though it welcomes “any information others might have”.

The SolarWinds logo is seen outside its headquarters in Austin, Texas, U.S., December 18, 2020. - Sputnik International
Microsoft Says Solarwinds Hackers Were Able to View Its Source Code
The suspected hacking attack comes six months after the UK-based Clear Sky cybersecurity company said that it had detected what is claimed to have been a successful cyber attack on several dozen Israeli assets carried out by the Lazarus Group.

The hacks reportedly affected the Jewish state’s defence and government companies, as well as their employees. The Israeli Defence Ministry admitted at the time that a hacking attempt had been made, but added that it was thwarted and no sensitive information was stolen.

To participate in the discussion
log in or register
Заголовок открываемого материала