User:Wysholp/sandbox

Lazarus Group targeting security researchers in 2021
(for Lazarus Group)

In January 2021, Google and Microsoft both publicly reported on a group of North Korean hackers targeting security researchers via a social engineering campaign, with Microsoft specifically attributing the campaign to Lazarus Group.

The hackers created multiple user profiles on Twitter, GitHub, and LinkedIn posing as legitimate software vulnerability researchers, and used those profiles to interact with posts and content made by others in the security research community. The hackers would then target specific security researchers by contacting them directly with an offer to collaborate on research, with the goal of getting the victim to download a file containing malware, or to visit a blog post on a website controlled by the hackers.

Some victims who visited the blog post reported that their computers were compromised despite running fully patched versions of the Google Chrome browser, suggesting that the hackers may have used a previously unknown (zero-day) vulnerability in Chrome for the attack; however, Google stated that it was unable to confirm the exact method of compromise at the time of its report.

 * Backdoored IDA Pro in November 2021