It happened when no one was watching – or at least that is what the victims might tell you. In a social engineering campaign for the record books, a North Korean-backed group of nation-state hackers did the unthinkable: they targeted cybersecurity researchers and lured them into a malware-laden trap. It started with a highly targeted phishing and social media campaign, otherwise known as a socially engineered attack. So how and why would cybersecurity professionals fall for something we should all recognize as hacking red flags? If nothing else, it shows that anyone and everyone can be hacked, especially when they’re not paying attention.
According to Google’s Threat Analysis Group, over the past several months there has been an ongoing North Korean campaign targeting security researchers at different organizations in the U.S. In particular, the targeted researchers worked on vulnerability research and exploit development, the very work that uncovers hacking opportunities. Irony aside, the attackers used several platforms to hook the researchers, including LinkedIn, Twitter, Discord, Telegram, and of course, email. To build credibility, the nation-state hackers set up a fake research blog and several bogus Twitter profiles to engage the researchers. They also posted links, videos, and retweets through Twitter that amplified their manufactured legitimacy. On March 17th, the hackers created a new fake company, complete with social media profiles, called "SecuriElite".
After getting the researchers on the hook, the hackers used a number of pretexts to invite them to collaborate on a Visual Studio project. The victims accepted, never suspecting that the project itself carried the code the North Korean hackers used to deliver their malware. The hackers used these and other ploys to further their socially engineered attacks.
For everyday users and for those who should absolutely know better, remembering to follow basic security steps can help avoid a hacking situation. Vigilance is always necessary, especially when communicating with those you don’t know on social media or by email. Never follow links in content or open attachments, as the links can go to bogus websites and the attachments can be malware-filled. Remember, if you can’t absolutely verify the sender is legitimate, don’t engage with them in any way. Limit what you post on social media and communities you participate in. Often, phishing links are posted there as well, so watch out for those.
According to Google, it didn’t take much to pull the victims into the hack. Some researchers simply visited a website set up by the hackers that was full of malware. Google reports the victim systems were fully patched and running the latest updates to Windows 10 and the Chrome browser. Google believes the hackers may have exploited previously unknown vulnerabilities in both, so-called zero-day exploits.
The North Korean hacking campaign exposed that even the researchers made common security mistakes, starting with the belief that the campaign and those behind it were legitimate. The nation-state actors succeeded in hacking what should be an un-hackable group of professionals – cybersecurity researchers. It’s a reminder to us all that anyone can be a target, even those you would least expect.