North Korean Hackers Seek Revenge on Researchers



North Korean hackers are targeting cybersecurity researchers in a revenge campaign for spying on them. Their tactic is to appear friendly and collaborative, only to blast the victim’s systems with malware, according to Google’s Threat Analysis Group (TAG).

Google’s team warns that malicious North Korean cyber-actors are using social engineering to set up their attacks: they use social media sites to connect with their targets, even carrying on weeks-long conversations with security researchers on topics of mutual interest.

According to Cybernews, these threat actors first establish an online presence and credibility, then contact the researchers they are targeting and start a conversation that eventually moves to other messaging apps such as Signal, WhatsApp, or Wire. They then send a malicious file containing malware, which begins collecting information and sending it back to the attacker.

In another exploitation tactic, malicious actors developed a “useful tool” for researchers – a standalone Windows application to “download debugging symbols from Microsoft, Google, Mozilla, and Citrix symbol servers for reverse engineers.”

Researchers explained that this tool appears on the surface to be a useful utility for quickly and easily downloading symbol information from a number of different sources, but it also has the ability to download and execute arbitrary code from an attacker-controlled domain. They further instruct anyone using this tool to be careful and ensure the system is in a known clean state, adding that the operating system will likely require a fresh reinstall.

TAG hopes to raise the public’s awareness and understanding of the tactics and techniques that are used by cybercriminals to enhance threat-hunting capabilities and lead to stronger user protections across the industry.