North Korea-backed hackers are once again targeting security researchers with a zero-day exploit and related malware in an attempt to infiltrate computers used to perform sensitive investigations involving cybersecurity.
The presently unfixed zero-day—meaning a vulnerability that’s known to attackers before the hardware or software vendor has a security patch available—resides in a popular software package used by the targeted researchers, Google researchers said Thursday. They declined to identify the software or provide details about the vulnerability until the vendor, which they privately notified, releases a patch. The vulnerability was exploited using a malicious file the hackers sent the researchers after first spending weeks establishing a working relationship.
Malware used in the campaign closely matches code used in a previous campaign that was definitively tied to hackers backed by the North Korean government, Clement Lecigne and Maddie Stone, both researchers in Google’s Threat Analysis Group, said. That campaign first came to public awareness in January 2021 in posts from the same Google research group and, a few days later, Microsoft.