North Korean hackers use multiple profiles on various social networks to reach out to security researchers using fake personas.
It was reported last night that Google has discovered a state-backed North Korean hacking campaign that uses social engineering attacks to target security researchers engaged in vulnerability research.
In this incident, Google said North Korean hackers used multiple profiles on various social networks, such as Twitter, LinkedIn, Telegram, Discord, and Keybase, to reach out to security researchers using fake personas.
Asaf Hecht, Cyber Research Team Leader at CyberArk, commented on this state-sponsored campaign:
“Attackers regularly succeed in infiltrating corporate networks across a range of different industries by using social engineering to exploit vulnerabilities in the human psyche. This case is no different, and if anything shows that security researchers – typically the most security-literate employees within organizations – are equally vulnerable to being targeted in carefully coordinated, calculated attacks.”
What is interesting about this state-backed hacking campaign uncovered by Google, said Hecht, is that even nation states are using social engineering as an attack vector.
His advice for all organizations: “Businesses must be aware and meet this challenge by adopting privileged access management to prevent the lateral spread of an attack. Proactively managing and rotating high-value ‘privileged’ credentials, and limiting user access to only the information and tools needed to perform their immediate role, reduces an attacker’s route to critical data and their ability to exfiltrate information or disrupt operations.”