Search engine giant Google has said that members of a cybersecurity company engaged in vulnerability research have been targeted by North Korean government threat actors.

The attacks have been detected by the Google Threat Analysis Group (TAG), a Google security team with expertise in hunting advanced persistent threat (APT) groups.

In a report, Google said the group of North Korean hackers used several profiles on various social networks, such as Twitter, LinkedIn, Telegram, Discord, and Keybase, to attack security experts using fake IDs.

The search engine behemoth said that email was also used in some situations.

Adam Weidemann, a security researcher with Google TAG, said: “After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project.”

But the researcher said that the attackers didn't always distribute malicious files to their targets. In some other situations, they asked security experts to visit a blog they had hosted at blog[.]br0vvnn[.]io (do not access).

Google said the blog hosted malicious code that infected the security researcher's computer after they accessed the site.

“A malicious service was installed on the researcher’s system and an in-memory backdoor would begin beaconing to an actor-owned command and control server,” Weidemann said.

But Google TAG added that many victims who accessed the site were running “fully patched and up-to-date Windows 10 and Chrome browser versions” and still got infected.
