North Korean hackers have staged an audacious attack targeting cybersecurity researchers, many of whom work to counter hackers from places like North Korea, Russia, China and Iran. The attack involved sophisticated efforts to deceive specific people, which raises the level of social engineering, or phishing attacks, and enters the realm of spy tradecraft.
The attack, reported by Google researchers, centered on fake social media accounts on platforms including Twitter. The fake personas, posing as ethical hackers, contacted security researchers with offers to collaborate on research. The social media accounts included content about cybersecurity and faked videos purporting to show new cybersecurity vulnerabilities.
The hackers enticed the researchers to click links to shared code projects – repositories of software related to cybersecurity research – that contained malicious code designed to give the hackers access to the researchers’ computers. Several cybersecurity researchers reported that they fell victim to the attack.