Google outs suspected North Korean hackers

Google security researchers are warning people to be on the lookout for a squad of sly hackers believed to be North Korean agents.

Like last year’s Twitter VIP account takeovers, the newly discovered hacking campaign, unveiled Monday, shows the effectiveness of so-called social engineering—or good old-fashioned trickery. In this case, the hackers lured victims by presenting themselves, through fake online personas, as friendly computer security pros.

The attackers sought first to establish their reputations. They did this, in part, by uploading doctored YouTube videos of supposed hacks to show off their skills. (“A careful review of the video shows the exploit is fake,” Google researchers noted.) They also blogged about the inner workings of software vulnerabilities, sometimes impersonating legitimate cybersecurity experts in “guest” author posts.

After building credibility, the hackers moved to ensnare their marks. They sent messages to cybersecurity pros using a variety of channels: Twitter, LinkedIn, Telegram, Discord, Keybase, and email, among them. Members of so-called “infosec” Twitter, the online community of security pros, are sharing screenshots and anecdotes of their encounters with the predators—a point of pride for some.

The wool-clad wolves used two methods to compromise people’s machines. Sometimes they would send a target an infected file under the pretense of collaborating on vulnerability research. Once downloaded, the file would install a “backdoor” on the target’s machine.

Other times, the hackers used what’s called a “drive by” attack. They would ask the mark to visit their website, which ran poisoned code. Even seemingly innocuous browsing could lead to malware installation. (I won’t link to the site here, for obvious reasons.)

Alarmingly, Google isn’t quite sure how the hackers infected people’s computers using the drive-by method. The victims were running “fully patched and up-to-date Windows 10 and Chrome browser versions,” meaning their defenses were up, Google researcher Adam Weidemann wrote. “At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have,” he said, urging people to report any findings through Google’s bug bounty program.

“We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with,” Weidemann said.

I would add that it’s not just security researchers who ought to be on the lookout. If you’ve got something other people might want—whether that’s the “keys” for account ownership resets at Twitter, coveted hacking exploits, a relationship with other contacts who could be targeted, or whatever else—then, sooner or later, you’re going to be a target too.

Never drop your guard.

Robert Hackett

Twitter: @rhhackett

robert.hackett@fortune.com
