"North Korean Hackers Target Security Researchers With Zero-Day Exploit"

Using a zero-day exploit, North Korean threat actors are attempting to compromise the machines of security researchers. The warning comes from Google's security researchers Clement Lecigne and Maddie Stone, who have described the government-backed attack campaign. The threat actors initially contacted the researchers via social media, such as X (formerly Twitter) or Mastodon, under the guise of security research collaboration. After moving the conversation to end-to-end encrypted instant messaging apps, including Signal, WhatsApp, and Wire, and establishing trust, they delivered a malicious file containing a zero-day exploit. Lecigne and Stone note that, upon successful exploitation, the shellcode runs a series of anti-Virtual Machine (VM) checks and then sends the collected information, along with a screenshot, to an attacker-controlled command-and-control (C2) domain. The attackers also tried pointing the researchers towards a Windows tool named GetSymbol, which downloads debugging symbols from Microsoft, Google, Mozilla, and Citrix symbol servers for reverse engineers but can also download and execute arbitrary code from an attacker-controlled domain. This article continues to discuss North Korean hackers trying to compromise security researchers' machines with a zero-day exploit.

Help Net Security reports "North Korean Hackers Target Security Researchers With Zero-Day Exploit"