Gaining the confidence of a professional who investigates weaknesses in computer systems is, and always has been, a goal of many hacker groups. If a hacker impersonates a researcher from another country who wants to collaborate on finding problems in a company's software, they gain access to information that can be used in their own attacks.
I know what you are thinking: it is impossible for a security researcher to trust someone who makes contact over the Internet and end up handing over confidential information. Unfortunately, that is not the case; these things happen.
On this occasion, it was Google who reported that a North Korean government hacker group has targeted members of the cybersecurity community who are involved in investigating vulnerabilities.
The attacks were detected by Google's Threat Analysis Group (TAG), a Google security team specialized in tracking advanced persistent threats (APTs). Apparently, the North Korean hackers used multiple profiles on various social networks to communicate with security researchers. Once contact was made, they would ask the target researcher whether they would like to collaborate on a vulnerability investigation and then provide the researcher with a Visual Studio project, presented as software to help with the task.
Naturally, this project contained malicious code that installed malware on the researcher's operating system, acting as a backdoor and allowing remote control.
In other cases there was no program at all; instead, the hackers asked the security researchers to visit a blog where malware was waiting for them.
Some security researchers believe that the North Korean group likely used a combination of Chrome and Windows 10 zero-day vulnerabilities to deliver their malicious code through that blog.
The Google TAG report includes a list of links for the fake social media profiles so that the security community is more vigilant.
Moral: do not trust self-described security specialists who appear on the Internet and ask you to install a program on your computer.