IN BRIEF Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google’s Threat Analysis Group (TAG).
As was the case in 2021 when TAG made a similar claim, suspected North Korean agents are contacting targets on social media to build rapport before moving the conversation to secure messaging services like Signal or WhatsApp. As was also the case in 2021, Google offered no explanation or conclusions.
“Once a relationship was developed with a targeted researcher, the threat actors sent a malicious file that contained at least one 0-day in a popular software package,” TAG researchers wrote. Google didn’t mention the affected vendor, but said efforts were underway to deploy a patch.
Per Google, shellcode in the malicious file collects information on affected systems and sends it back to C2 servers. “The shellcode used in this exploit is constructed in a similar manner to shellcode observed in previous North Korean exploits,” TAG explained.