Google’s threat hunting unit has again intercepted an active North Korean APT actor sliding into the DMs of security researchers and using zero-days and rigged software tools to take control of their computers. Using platforms like X as the initial point of contact, the North Korean threat actor built relationships with target researchers through interaction and discussion. Google’s Threat Analysis Group (TAG) warned that at least one actively exploited zero-day is in use and is currently unpatched. Google said the zero-day exploit was used to plant shellcode that runs a series of anti-virtual-machine checks and then sends the collected information, along with a screenshot, back to an attacker-controlled command-and-control domain. This isn’t the first documented case of North Korean government hackers targeting security researchers, particularly those who operate in the offensive space.