cognitive cybersecurity intelligence

News and Analysis


North Korean Hackers Target Security Researchers, Google Reports | January 27, 2021

Hey there, Bay Area! Just an important heads up from the cybersecurity frontlines: Google has recently reported that a North Korean government-backed hacking group has zeroed in on folks within our industry, particularly those focused on vulnerability research.

Reading into Google’s Threat Analysis Group (called TAG for short), who are basically the IT equivalent of Sherlock Holmes, this hacking group isn’t just a one-trick-pony. They’ve crafted an entire world around themselves to deceive cyber professionals. It’s like the plot of a Hollywood thriller – they’ve set up an expert-looking research blog and multiple Twitter profiles to fake it till they make it.

Take a stroll through their blog and you’d see the imposters appear legit. With detailed analysis of vulnerabilities and guest posts from real cybersecurity researchers, who don’t seem to know they’re contributing to a sham, the ruse looks remarkably authentic. And it doesn’t stop there. Our stealthy antagonists further their plot by personally reaching out to select security researchers, craftily asking them to collaborate. How do they pitch it? With a ‘Visual Studio Project’, of course!

Now, let’s engage gears here and chat about why this is a problem. To paraphrase Dirk Schrader, a top dog in the cybersecurity world, these con artists are trying to jump the queue and get wind of security issues in their early stages. By making a façade of collaboration, they’re actively trying to harvest crucial information straight from the horse’s mouth, if you will.

When security researchers stumble upon a vulnerability, they usually follow a responsible disclosure process- they first alert the vendor, who then verifies the finding, fixes the bug, and then the researcher brings this to the public, often credited in the patch release. With Google’s strict 90-day disclosure deadline, our villains find a way to leap forward in their capabilities and attack networks and systems even before the patches are out. Frankly, it’s a genius trick, but it’s a dangerous precedent.

This manipulation of the current system should be seen as a red flag. It shows that cyber villains are continuously trying to worm their way into software stacks, vendor’s update processes, and even the source of vulnerability research. And the truth is, such threats will keep coming. That’s why learning from their strategy is crucial because it sets a frame of what to watch out for in future.

As much as we advocate for cybersecurity and resilience to our customers, this is a wake-up call for us too- to keep a hawk-eye on our processes, our cyber resilience, and most importantly, on each other. We’ve always predicted that multi-vector attacks would multiply, and sadly, 2021 is proving us right.

Nowadays, the threat is no longer strictly technological. Cybersecurity isn’t just about VPNs and network infrastructure anymore- it’s also about communication channels where social engineering takes place. Distributed workers today need defensive shields in social and chat apps that catch red flags early while respecting workers’ privacy.

Let’s stay vigilant Bay Area! Government-backed hacking is no trivial matter and serves as a reminder that the next level of cyber warfare is already here. It’s up to us, the gatekeepers of the cyberspace realm in the face of ever-evolving threats, to keep our cyber-world safe.

by Morgan Phisher | HEAL Security

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts