North Korean hackers target security researchers (Pexels/Soumil Kumar)
A North Korean government hacking group has targeted numerous members of the cybersecurity community, specifically those engaged in vulnerability research.
North Korean hackers target cybersecurity
According to Google, the attacks were identified by Google's Threat Analysis Group (TAG), a Google security team that specializes in hunting advanced persistent threat (APT) groups.
In a report published on January 26, Google stated that the North Korean hackers used numerous fake profiles on different social media platforms to approach security researchers. The platforms included Twitter, LinkedIn, Telegram, Discord and Keybase.
Google stated that after establishing initial communications, the actors would ask the targeted researcher whether they wished to collaborate on vulnerability research, and would then send the researcher a Visual Studio project, according to ZDNet.
The Visual Studio project contained malicious code that installed malware on the targeted researcher's operating system (OS).
The malware acts as a backdoor: it contacts a remote command-and-control server and waits for commands. The malware was later linked to the Lazarus Group, a well-known North Korean state-sponsored operation, according to the Australian Financial Review.
Social media as a tool for malware and cybercrime
Social media are based on users forming connections with other people. The connections are based on friendship, family ties, neighborhood, shared beliefs, profession, mutual interest and similar views.
Because of this, it is not surprising that many social media users are under the illusion that they are in the company of people with good intentions. This can have disastrous consequences for privacy and online security, according to WebRoot.
Email is the main channel for malware propagation, data leakage and cybercrime, but social networks have also become a battleground in the fight against malware, data loss and cybercrime. So what are the most common attacks?
Hackers use malware to hijack a user's credentials and impersonate them. They then send fake requests and messages to the user's friends, peers and family. Often these messages include what appears to be an external link to a website but is in fact a URL that runs malicious code on the recipient's tablet, computer or smartphone.
One of the most common avenues of cybercrime and data loss is phishing. The hacker creates a fake profile that impersonates a person the victim trusts.
Spam is any unsolicited message on any platform. On social media, spam comes in the form of wall posts, chats and comments. Social media spam has proven to be more potent than its email counterpart for three main reasons. First, people spend much more time on social platforms than on email.
Second, social media spam can be embedded in legitimate conversation. Third, social networks themselves rely on user flagging to identify, block and delete spam.
De-anonymization is a data mining strategy whereby unidentified information is cross-referenced with known, public data in order to strip away a person's anonymity. Social media networks are built on data sharing, contact connections and content searching, and these features make them a powerful tool for de-anonymization.