North Korea’s elaborate 0-day campaign hits Security Researchers

Hackers pretending to be security researchers infect multiple systems with malicious backdoor by befriending analysts.

A very ingenious social engineering campaign allowed North Korean hackers to infect multiple companies with a malicious backdoor. Their strategy was to build trusted relationships with key personnel by doing everything they could to be believable. They created their own research blog, multiple Twitter profiles, and social media accounts to look legitimate.

Having a credible and robust presence online, they first contacted researchers claiming to work on similar projects, invited them to collaborate, and infect them with malware when they least expected it.

Hackers used either a malicious backdoor in a custom Visual Studio Project or their own website to propagate the malware. They managed to infect fully patched systems, which indicated they used 0-day vulnerabilities in their attacks.

Check the source.

Read More

• 85K MySQL Servers were hit by PLEASE_READ_ME Ransomware
  Chrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
• The new Silver Sparrow malware infected 30,000 Macs
  Chrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
• Investment Scammers try to trick Dating App Users
  Chrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
• LodaRAT Windows Malware affects Android Devices
  Chrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
• Cyberpunk 2077 Publishers has suffered a ransomware attack
  Chrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.