03:49 GMT 03 March 2021

    In mid-August 2020, the UK-based Clear Sky cybersecurity company claimed that North Korea-affiliated hackers had managed to compromise Israel’s defence networks.

    The Google Threat Analysis Group (TAG) has spotted a hacking campaign against cyber security researchers that was allegedly conducted by actors related to the so-called Lazarus Group, which is believed to be linked to the North Korean government.

    The TAG claimed in a report on Tuesday that “a government-backed entity based in North Korea” used fake profiles on various social networks, including Twitter, LinkedIn, Telegram, Discord, and Keybase, to approach security specialists involved in vulnerability research.

    TAG’s Adam Weidemann, for his part, explained that in some instances, the hacking group used emails to establish initial communications with the targeted persons.

    Shortly after, “the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project”, which contained malicious code that installed malware on the researcher's operating system, according to Weidemann.

    He added that after “a malicious service was installed on the researcher's system”, the so-called in-memory backdoor “would begin beaconing to an actor-owned command and control server”.

    In some other cases, the hackers asked security researchers to open a link that they had hosted at blog[.]br0vvnn[.]io, Weidemann said.

    The TAG researcher pointed out that many victims who entered the site “were running fully patched and up-to-date Windows 10 and Chrome browser versions” and that at the moment, the TAG is “unable to confirm the mechanism of compromise” even though it welcomes “any information others might have”.

    The suspected hacking attack comes six months after the UK-based Clear Sky cybersecurity company said that it had detected what is claimed to have been a successful cyber attack on several dozen Israeli assets carried out by the Lazarus Group.

    The hacks reportedly affected the Jewish state’s defence and government companies, as well as their employees. The Israeli Defence Ministry admitted at the time that a hacking attempt had been made, but added that it was thwarted and no sensitive information was stolen.
