Everyday internet users are constantly hunted by today's cybercriminal organizations. From phishing attacks to malware spreads, hackers employ countless social engineering tricks and sophisticated techniques to bypass system security and breach all sorts of precious personal data.
Now, even security researchers are no longer safe from being targeted. As those at the forefront of modern-day cybersecurity, security researchers strive to strengthen our defences against the ever-growing threat posed by cybercriminals around the globe, who keep innovating and evolving their technology to steal data and access.
State-sponsored cybercrime is leading the charge against security researchers, and the campaign by North Korea-linked hackers targeting these research teams is the most concerning example.
On January 26, Google's Threat Analysis Group announced that this campaign targeted not only the people involved in vulnerability research and development, but cybersecurity frameworks and infrastructure as well.
Trickery and Deceit
This cybercriminal campaign is essentially a phishing attack that specifically targets security researcher communities on online platforms such as Twitter and LinkedIn. Using fake accounts that masquerade as real researchers, the attackers share links to blogs they claim contain exploits. They also reshare posts on these platforms to boost their credibility, enough to make their way into the small yet closely knit networks of security researchers.
By successfully assimilating into the research community, they build their credibility to the point that no one questions their motives. Once a target accepts an invitation from one of these 'other' researchers to collaborate on a project similar to a publicly available exploit that has since been patched, the attackers share a Visual Studio project that contains hidden source code and a DLL: custom malware that starts communicating with the attacker as soon as it runs on the victim's system.
These North Korean hackers, under the guise of these fake identities, have gone to great lengths to ensure that their campaign is not exposed. They used networks of similar identities to clamp down on anyone claiming their links to be fraudulent. This network of fake researchers would endorse each other's posts, along with fake video captures purporting to show successful exploits.
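A shared Visual Studio project is itself executable content: MSBuild runs any PreBuildEvent, PreLinkEvent or PostBuildEvent command, and any Exec task in a custom target, with the builder's privileges the moment the project is built. The following script is an added, defensive example and is not code from the original article or from Google's report. It assumes the hidden DLL is launched from such a build step (an assumption about the campaign, not something the article states), and the .vcxproj sample embedded below is constructed for illustration. A researcher can run it over a received project before opening it in Visual Studio.

```python
"""Review a Visual Studio C++ project file (.vcxproj) for build-time
commands before compiling it.  Constructed example: list every command
MSBuild would execute and flag those that resemble DLL or script launchers.
"""
import re
import xml.etree.ElementTree as ET

# MSBuild elements whose <Command> text is handed to cmd.exe during a build.
EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent"}

# Constructed indicator list: launchers commonly used to load a DLL or run a
# script from a build step.  Tune this for your own environment.
SUSPICIOUS = re.compile(
    r"rundll32|regsvr32|powershell|mshta|wscript|cscript|certutil|\.dll\b",
    re.IGNORECASE,
)

# Constructed sample project: a benign post-build echo, a benign Exec task
# and one pre-build step that loads a DLL shipped alongside the sources.
SAMPLE_VCXPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build"
         xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
    <None Include="helper.dll" />
  </ItemGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)'=='Debug'">
    <PreBuildEvent>
      <Command>rundll32.exe "$(ProjectDir)helper.dll",Entry</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>echo Build complete</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="CollectSymbols" AfterTargets="Build">
    <Exec Command="xcopy /y &quot;$(OutDir)*.pdb&quot; symbols\\" />
  </Target>
</Project>
"""


def _local(tag):
    """Strip the MSBuild XML namespace so old and new project files match."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(vcxproj_xml):
    """Return (kind, command) pairs for every command MSBuild would run
    while building this project, regardless of configuration."""
    root = ET.fromstring(vcxproj_xml)
    found = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name in EVENT_TAGS:
            for child in elem:
                text = (child.text or "").strip()
                if _local(child.tag) == "Command" and text:
                    found.append((name, text))
        elif name == "Exec":
            cmd = (elem.get("Command") or "").strip()
            if cmd:
                found.append(("Exec task", cmd))
    return found


def flag_suspicious(commands):
    """Keep only the commands matching the launcher indicators above."""
    return [(kind, cmd) for kind, cmd in commands if SUSPICIOUS.search(cmd)]


def review(vcxproj_xml):
    """Convenience wrapper: all commands plus the flagged subset."""
    commands = find_build_commands(vcxproj_xml)
    return commands, flag_suspicious(commands)


if __name__ == "__main__":
    all_cmds, flagged = review(SAMPLE_VCXPROJ)
    print("Build-time commands found:")
    for kind, cmd in all_cmds:
        marker = "!!" if (kind, cmd) in flagged else "  "
        print(f" {marker} [{kind}] {cmd}")
    print(f"{len(flagged)} command(s) flagged for manual review")
```

The point of listing every command rather than only the flagged ones is that the indicator list will never be complete; the reviewer should read each build step and ask why an exploit proof-of-concept needs it at all.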
State Sponsored Cyber-Warfare
Unfortunately, many researchers have had their defences compromised by these ingenious social engineering tactics. A publicly available list of the fake aliases has now been published so that real researchers can avoid them and review their systems in case they had contact.
The North Korean hacking teams, although not equipped with world-leading technology, are not short on dedication. The aim of this entire campaign is to uncover pre-existing vulnerabilities that are not publicly known and are accessible only to the research experts working on them. By taking advantage of these unpublished findings, they can compromise more systems and data, which ultimately drives revenue into the state.
The country faces worldwide sanctions that have crippled its economy. This particular cybercriminal campaign, and many others operating alongside it, offer a major source of capital to the nation.