Google’s Threat Analysis Group (TAG) has discovered a new threat campaign by North Korean hackers, targeting cybersecurity researchers with zero-day exploits.
Approaching them via social media platforms, the hackers build rapport with their targets to make them install notable software – but having at least one zero-day bug to be exploited. Once it infiltrates their systems, they collect sensitive data for further exploitation.
Exploiting Researchers For Their Data
Google’s TAG team has uncovered a new campaign led by state-sponsored North Korean hackers, targeting cybersecurity researchers, possibly for their intelligence collection.
As Google researchers noted, the campaign starts with the threat actors approaching their targets via social media platforms, like X, to build a friendly relationship based on working on a mutual interest. After creating enough trust, the threat actor will send a notable file with at least one zero-day bug to compromise the target.
On successful penetration into their target’s system, the hacker will start collecting a series of anti-virtual machine information via a shellcode and then send it along with a screenshot to the hacker’s C2. Researchers noted the concerned shellcode used in this exploitation is similar to that observed in previous North Korean exploit campaign from 2021.
Google’s TAG team has shared their report with the concerned software vendor for the patch and will release more details on the zero-day bug once a patch is available.
This aside, the hackers have been spotted using yet another attacking vector to compromise their targets. Researchers noted the development of tweaked GetSymbol, a standalone Windows tool to ‘download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers‘.
While this tool appears to be a helpful utility like vulnerability research, it can also download and execute arbitrary code from an attacker-controlled domain, warns researchers. If you downloaded and ran this tool in any suspicious situation earlier, the TAG team recommends a clean install to keep your system safe.
Other Trending News:- News
