North Korean Hackers Target Security Researchers, Google Reports | Jan 27, 2021
Hey there, Bay Area family! We’ve got some cybersecurity news that might give you pause for thought. This recent event has folks in the cyber world buzzing, and we think it’s important to share with you!
Google recently made a big reveal: a North Korean government-sanctioned hacking team has been phishing around the technical world, specifically targeting our friends in the cybersecurity field. Now, you might be wondering, how did that happen? How did these “cyber spies” manage to penetrate the world of security veterans? Let’s take a look at their cheeky approach.
Apparently, these bad actors created a niche for themselves in the cybersecurity community by running a research blog and creating Twitter accounts. You know, just like our favorite influencers, except with a more sinister agenda. Would you believe they actually posed as vulnerability researchers themselves? It’s true! They were meticulously posting and retweeting stuff on Twitter, all the while linking back to their blog, where they hosted analysis of vulnerabilities that had been out and about in the big world.
And the wickedly clever part of their scheme? They even invited other experts to pen “guest” articles for their blog. Yup, legit researchers unknowingly gave these fraudsters social proof!
This is where the plot thickens. After forming a rapport with their targets, they came up with a co-research proposition. The unsuspecting researcher would be presented with a Visual Studio project (Visual Studio being a common tool for software development), only it was rigged with a hack. This gave the hackers a backstage pass to systems they ordinarily wouldn’t have access to.
This entire operation appears to be a crafty means to gain an unfair advantage. As Dirk Schrader, a cybersecurity expert, puts it, it’s a way to bag “early information about the issues and vulnerabilities.” If they’re successful, they can stockpile a library of vulnerabilities they could potentially exploit before fixes are even devised. It’s distressing to think just how much damage could be done if one of these wolf-in-sheep’s-clothing hackers were to find a freshly baked vulnerability!
Cybersecurity is a constant game of cat and mouse, or maybe whack-a-mole is more apt. The community works earnestly to create patches for existing vulnerabilities, but those come with a bottleneck: fixed software is often delayed in its release. This creates a vacuum that hackers fill, getting the jump on vulnerabilities before they’re fixed. Schrader noted that these are the dangers cyber folk face each day, comparing the incident to the infamous SolarWinds attack.
This incident serves as a stark reminder for all of us in the tech realm. As much as we advocate for cybersecurity, we must maintain constant vigilance in our own defensive processes, ensuring our resilience. This should also be an eye-opener for risk and security teams to keep watch for such coercion attempts across various communication channels, with established controls that can nip such social engineering mischief in the bud.
It’s a wild cyber world out there, folks. Bad actors are increasingly turning to under-the-radar channels for their nasty work, especially in these times of remote workers and multiple chat apps. As we traverse this digital era, let’s remember to be alert, cognizant, and safe. We might not be able to entirely prevent such offences, but we can definitely learn from them and adapt. After all, as they say, forewarned is forearmed!
by Morgan Phisher | HEAL Security