Fake Twitter personas, bogus blog delivered North Korea-linked malware to researchers
Hackers linked to North Korea targeted cybersecurity researchers through a seemingly legitimate research blog and friendly social media accounts, Google said Monday. The goal of those social engineering techniques was simple: Earn trust, and then trick researchers into interacting online with files that implanted file-stealing malware on their computers. There were also a few cases where unwitting researchers’ machines were infected simply by direct interaction with the security blog, Google said. That part of the campaign worked even if the researchers were using “fully patched and up-to-date Windows 10 and Chrome browser versions,” according to Google’s Threat Analysis Group. Google’s findings serve as a reminder that even the most security-minded people can still be vulnerable in the digital realm. The hacking campaign preyed upon the natural inclination of many researchers to collaborate on projects and share findings. For a nation-state trying to expand its arsenal of hacking tools, anyone with […]
The post Fake Twitter personas, bogus blog delivered North Korea-linked malware to researchers appeared first on CyberScoop.