User:Wysholp/sandbox

From Wikipedia, the free encyclopedia


Lazarus Group targeting security researchers in 2021

(for Lazarus Group#History)

In January 2021, Google and Microsoft both publicly reported on a group of North Korean hackers targeting security researchers via a social engineering campaign, with Microsoft specifically attributing the campaign to Lazarus Group.[1][2][3]

The hackers created multiple user profiles on Twitter, GitHub, and LinkedIn posing as legitimate software vulnerability researchers, and used those profiles to interact with posts and content made by others in the security research community. The hackers would then target specific security researchers by contacting them directly with an offer to collaborate on research, with the goal of getting the victim to download a file containing malware, or to visit a blog post on a website controlled by the hackers.[3]

Some victims who visited the blog post reported that their computers were compromised despite using fully patched versions of the Google Chrome browser, suggesting that the hackers may have used a previously unknown zero-day vulnerability affecting Chrome for the attack;[1] however, Google stated that they were unable to confirm the exact method of compromise at the time of the report.[2]

  1. Newman, Lily Hay. "North Korea Targets—and Dupes—a Slew of Cybersecurity Pros". Wired. ISSN 1059-1028. Retrieved 2023-03-17.
  2. "New campaign targeting security researchers". Google. 2021-01-25. Retrieved 2023-03-13.
  3. Microsoft Threat Intelligence Center (MSTIC); Microsoft Defender Threat Intelligence (2021-01-28). "ZINC attacks against security researchers". Microsoft Security Blog. Retrieved 2023-03-13.
  4. "Lazarus hackers target researchers with trojanized IDA Pro". BleepingComputer. Retrieved 2023-03-13.