January 26, 2021: Google believes that North Korean hackers are posing as cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.
The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”
It attributed the campaign to a government-backed entity based in North Korea.
Google said the actors targeted specific security researchers with a “novel social engineering” technique, although it did not specify which researchers were targeted.
On Monday, Google’s Adam Weidemann said that the hackers set up a research blog and created multiple Twitter profiles to engage with security researchers.
The hackers used these accounts to post links to the blog and share videos of software exploits that they claimed to have found, Google said.
They also used LinkedIn, Telegram, Discord, Keybase, and email to engage with security researchers, Google said.
Google listed several accounts and websites that are controlled by the hackers. The list includes 10 Twitter profiles and five LinkedIn profiles.
Google said the victims were running fully patched and up-to-date versions of Windows 10 and the Chrome browser.
“At this time, we’re unable to confirm the mechanism of compromise, but we welcome any information others might have,” Weidemann wrote.
“Chrome vulnerabilities, including those being exploited in the wild, are eligible for reward payout under Chrome’s Vulnerability Reward Program. We encourage anyone who discovers a Chrome vulnerability to report that activity.”