Suspected North Korean-backed hackers are once again targeting members of the cybersecurity community, according to Google’s Threat Analysis Group (TAG). The hackers are reaching out to their targets using social media to establish a rapport before moving them to secure communication services like Signal or WhatsApp. Google confirmed that once a relationship is established, the threat actors send a malicious file containing at least one zero-day vulnerability. While Google did not disclose the affected vendor, efforts are underway to deploy a patch.
Google’s analysis found that the shellcode in the malicious file collects information on systems affected by the exploit and sends it back to command-and-control (C2) servers. The shellcode is similar to what has been observed in previous North Korean exploits.
Additionally, Google warned that the threat actors have developed a standalone Windows tool called “dbgsymbol” that could appeal to the infosec community. While the tool does download debugging symbol information as advertised, it also has the capability to download and execute arbitrary code from an attacker-controlled domain. Google advises anyone who has downloaded or run the tool to ensure their system is clean, which likely requires an operating system reinstallation.
In other news, Google released its monthly Android security updates, addressing critical vulnerabilities, including one that may be actively exploited. Multiple nation-state threat actors have been exploiting vulnerabilities in Fortinet firewalls and Zoho’s ManageEngine software to gain access to targeted networks. Apache RocketMQ is also experiencing active exploitation of a remote code execution vulnerability, for which a patch is available.
Various other vulnerabilities have been flagged, including those in Socomec’s MODULYS GP UPS systems, Cisco’s BroadWorks platforms, MedDream PACS health imaging server software, Phoenix Contact’s telecoms routers and cloud client software, and Dover Fueling Solutions MAGLINK LX tank management web console.
Finally, Verizon has settled with the US Department of Justice after failing to meet its contractual obligations to protect General Services Administration devices connected to public networks. Verizon cooperated with the investigation and took remedial measures, leading to a reduced fine of $4 million.