In mid-August 2020, the UK-based Clear Sky cybersecurity company claimed that North Korea-affiliated hackers had managed to compromise Israel’s defence networks.
The Google Threat Analysis Group (TAG) has spotted a hacking attack on cyber security researchers that was allegedly conducted by those related to the so-called Lazarus Group, believed to be linked to the North Korean government.
The TAG claimed in a report on Tuesday that “a government-backed entity based in North Korea” used fake profiles on various social networks, including Twitter, LinkedIn, Telegram, Discord, and Keybase, to approach security specialists involved in vulnerability research.
TAG’s Adam Weidemann, for his part, explained that in some instances, the hacking group used emails to establish initial communications with the targeted persons.
He added that after “a malicious service was installed on the researcher’s system”, the so-called in-memory backdoor “would begin beaconing to an actor-owned command and control server”.
In some other cases, the hackers asked security researchers to open a link that they had hosted at blog[.]br0vvnn[.]io, Weidemann said.
The suspected hacking attack comes six months after the UK-based Clear Sky cybersecurity company said that it had detected what is claimed to have been a successful cyber attack on several dozen Israeli assets carried out by the Lazarus Group.
The hacks reportedly affected the Jewish state’s defence and government companies, as well as their employees. The Israeli Defence Ministry admitted at the time that a hacking attempt had been made, but added that it was thwarted and no sensitive information was stolen.
0.00 (0%) 0 votes