Jan 27, 2021 - Technology

North Korean hackers targeted U.S. security researchers

Illustration of a laptop with a target on the screen

Illustration: Sarah Grillo/Axios

Suspected North Korean state hackers have been using social engineering schemes to target security researchers, according to researchers with Google’s Threat Analysis Group.

Driving the news: Using platforms "including Twitter, LinkedIn, Telegram, Discord, Keybase and email," the hackers themselves posed as threat researchers in order to build legitimate profiles and backstories.

  • "After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project," write the Google researchers.

One security researcher described how he was targeted — and later compromised — by someone he later realized was a North Korean operative.

  • "Hey folks, story time. A guy going by the name James Willy approached me about help with a 0-day. After providing a writeup on root cause analysis I realized the visual studio project he gave me was backdoored," wrote Alejandro Caceres, the researcher.
  • "Anyway, yes I was hacked," wrote Caceres. "No, no customer information was leaked, this was on a private [virtual machine] for this exact reason."

The Google team also said that the North Korean hackers set up a phony research blog that included malicious code that compromised the devices of targets who followed links to the site.

Go deeper