Hackers Now Target Cyber Security Researchers to Steal Essential Tools Directly
Hey there, Bay Area tech enthusiasts! I’ve got a fascinating topic for you today; it’s relevant to our local industry and important for the broader state of cyber health. Recently there has been a troubling shift: cyber attackers are beginning to target not just businesses but the people who work in cyber security itself. The tools and research we build to prevent intrusions are now sought after by attackers for their ability to make their own breaches more invasive and harder to detect.
Sounds alarming, right?
Let’s dive right in with an example from an interesting report by Google’s Threat Analysis Group. The report describes a North Korean government-backed group that has been making headlines not only for attacking, but for the unusual way it does so. The group created a fake front company called SecuriElite and is aiming squarely at the cyber security research community for its victims. It’s a highly strategic ploy that hits at the heart of our defence ecosystem, attempting to rob us of the tools and research we use to guard against a whole range of cyber threats.
Now, here’s where their cunning comes into play. Using the age-old technique of social engineering, the group gained traction by approaching legitimate cyber security researchers. They set up numerous Twitter and LinkedIn personas from which they posted about various vulnerabilities and exploits. At first glance the posts looked legitimate, but on closer examination the vulnerabilities they discussed had already been reported and patched by the affected vendors. Despite this, the group went the extra mile, producing plausible-looking proof-of-concept write-ups and demonstration videos for these bugs in order to win trust within the security community.
This strategy reminds me of the SolarWinds supply-chain compromise attributed to Russian intelligence. The tactics were different (a poisoned software update rather than social engineering), but the target overlapped: that intrusion also reached American security firms, including FireEye, whose internal red-team tools were stolen, and US government agencies, giving the attackers a window into potential US homeland security responses.
Fast forward to today, and things have taken a very interesting turn. The same group has set up a fake security and penetration testing firm (remember SecuriElite?). Under this guise, they reach out to legitimate researchers and ask them to collaborate on projects related to vulnerability testing and exploit discovery.
They then share a Visual Studio project with the researcher. The project is booby-trapped: building it quietly installs a backdoor on the researcher’s machine. The backdoor has been reported as FallChill, a remote access tool you may have heard of before; it is well known for its use by the Lazarus group from North Korea.
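The page does not detail how the shared project launches its payload, but MSBuild-based Visual Studio projects can run arbitrary shell commands through build events (PreBuildEvent, PostBuildEvent, PreLinkEvent, CustomBuildStep) and Exec tasks, which makes a .vcxproj file one natural hiding place for a loader. The following is an added example, not code from the page or from Google TAG: a small auditor that lists every command a .vcxproj would execute during a build and flags the ones that look like loaders or downloaders. The sample project text and the DLL name `helper.dll` are constructed for the demonstration.

```python
"""Audit a Visual Studio C++ project (.vcxproj) for build-time commands.

A booby-trapped 'collaboration' project can run code the moment the recipient
hits Build, so list every command the project would execute and flag the
suspicious ones before opening it outside a throwaway VM.
"""
import re
import xml.etree.ElementTree as ET

# MSBuild elements whose <Command> child is executed during the build.
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep")

# Fragments that rarely belong in a legitimate shared PoC project: LOLBins,
# encoded PowerShell, remote downloads. Extend to taste.
SUSPICIOUS = re.compile(
    r"(rundll32|regsvr32|powershell|mshta|wscript|cscript|certutil|bitsadmin"
    r"|-enc\b|-encodedcommand|downloadstring|invoke-webrequest|https?://)",
    re.IGNORECASE,
)

# Constructed sample project: one benign echo, one DLL loader in a
# post-build event, and one encoded PowerShell Exec task after build.
SAMPLE_VCXPROJ = """<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="poc.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <PreBuildEvent>
      <Command>echo Building PoC</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>rundll32.exe $(ProjectDir)helper.dll,Init</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="powershell -nop -w hidden -enc SQBFAFgA" />
  </Target>
</Project>
"""


def _local(tag: str) -> str:
    """Strip the MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(vcxproj_xml: str) -> list[tuple[str, str]]:
    """Return (event, command) pairs for every command the project would run."""
    root = ET.fromstring(vcxproj_xml)
    commands = []
    for elem in root.iter():  # document order
        name = _local(elem.tag)
        if name in EVENT_TAGS:
            cmd = next((c for c in elem if _local(c.tag) == "Command"), None)
            if cmd is not None and cmd.text and cmd.text.strip():
                commands.append((name, cmd.text.strip()))
        elif name == "Exec" and elem.get("Command"):
            # <Exec Command="..."/> inside a <Target> also runs a shell command.
            commands.append(("Exec", elem.get("Command").strip()))
    return commands


def audit(vcxproj_xml: str) -> list[tuple[str, str, bool]]:
    """Tag each build command with whether it matches a suspicious pattern."""
    return [
        (event, cmd, bool(SUSPICIOUS.search(cmd)))
        for event, cmd in find_build_commands(vcxproj_xml)
    ]


def flagged(vcxproj_xml: str) -> list[str]:
    """Only the commands a reviewer should look at before building."""
    return [cmd for _, cmd, bad in audit(vcxproj_xml) if bad]


if __name__ == "__main__":
    for event, cmd, bad in audit(SAMPLE_VCXPROJ):
        print(f"{'FLAG' if bad else 'ok  '} {event:16} {cmd}")
```

Two caveats: plenty of honest projects use build events for housekeeping, so a hit is a prompt to read the command, not proof of compromise; and a project can also carry a pre-compiled DLL or a malicious NuGet package that no text scan will catch. The safe habit is to build anything from an unverified collaborator only inside an isolated VM, whatever the scan says.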
Honestly, it’s a little unnerving. These attackers are going after what security researchers and their organisations rely on to stay ahead of major breaches: unreleased vulnerability research, proof-of-concept exploits for newly patched flaws, assessment infrastructure, and the internal tooling used to monitor exploitation of widely used consumer systems. In the wrong hands, that material can be repurposed and re-engineered to bypass security controls and lay the groundwork for more sophisticated attacks that are difficult to intercept or mitigate, even for us professionals.
It’s clear that we need to stay one step ahead of these actors to maintain our cyber health. This campaign is a stark reminder that the world of cybersecurity is ever-evolving, and the care we put into it should evolve too. Keep following along with me as I delve deeper into the latest tech news and developments happening right here in the Bay!
by Morgan Phisher | HEAL Security