User:Wysholp/sandbox
Subpages of User:Wysholp/sandbox | |
---|---|
Lazarus Group targeting security researchers in 2021
[edit](for Lazarus Group#History)
In January 2021, Google and Microsoft both publicly reported on a group of North Korean hackers targeting security researchers via a social engineering campaign, with Microsoft specifically attributing the campaign to Lazarus Group.[1][2][3]
The hackers created multiple user profiles on Twitter, GitHub, and LinkedIn posing as legitimate software vulnerability researchers, and used those profiles to interact with posts and content made by others in the security research community. The hackers would then target specific security researchers by contacting them directly with an offer to collaborate on research, with the goal of getting the victim to download a file containing malware, or to visit a blog post on a website controlled by the hackers.[3]
Some victims who visited the blog post reported that their computers were compromised despite using fully patched versions of the Google Chrome browser, suggesting that the hackers may have used a previously unknown zero-day vulnerability affecting Chrome for the attack;[1] however, Google stated that they were unable to confirm the exact method of compromise at the time of the report.[2]
- ^ a b Newman, Lily Hay. "North Korea Targets—and Dupes—a Slew of Cybersecurity Pros". Wired. ISSN 1059-1028. Retrieved 2023-03-17.
- ^ a b "New campaign targeting security researchers". Google. 2021-01-25. Retrieved 2023-03-13.
- ^ a b Intelligence, Microsoft Threat Intelligence Center (MSTIC), Microsoft Defender Threat (2021-01-28). "ZINC attacks against security researchers". Microsoft Security Blog. Retrieved 2023-03-13.
{{cite web}}
: CS1 maint: multiple names: authors list (link) - ^ "Lazarus hackers target researchers with trojanized IDA Pro". BleepingComputer. Retrieved 2023-03-13.