Google warns that it has uncovered efforts by government-sponsored North Korean hackers to target cybersecurity researchers.
According to Google, its threat analysis team found North Korean agents posing as researchers on social media platforms such as Twitter and LinkedIn. The hackers set up a fake blog, to which they could get targets to contribute guest posts about actual software vulnerabilities and bugs, reports the Financial Times.
The tech giant says that the North Korean effort constitutes one of the largest state-sponsored cyber warfare campaigns, alongside those waged by Russia, Iran and China.
After establishing communication with a real researcher, the North Korean agents would build upon their relationship with their target to supposedly collaborate on cyber vulnerability research. The goal was to share collaboration tools containing malicious code that would install malware onto the researcher’s systems.
Google says that in some cases, the hackers were able to create a backdoor into the computers of their targets, even when those computers were fully updated with the latest versions of Windows 10 and Google Chrome.
Hackers would then be able to develop new exploits based on security findings made by the research community they hacked into. According to the FT, several researchers stated that they were contacted by the hackers, but had not been personally compromised.
In addition to its attempt to compromise cybersecurity researchers, North Korea has been accused of attempting to steal coronavirus vaccine-related research. In 2020, the Wall Street Journal reported that North Korean hackers coordinated intrusions into at least six vaccine developers, including Johnson & Johnson and AstraZeneca.