Critical 0-day that targeted security researchers gets a patch from Microsoft

by Dan Goodin, from Ars Technica
Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware.

The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks developing working relationships with security researchers. To win the researchers' trust, the hackers created a research blog and Twitter personas who contacted researchers to ask if they wanted to collaborate on a project.

Eventually, the fake Twitter profiles asked the researchers to use Internet Explorer to open a webpage. Those who took the bait would find that their fully patched Windows 10 machine installed a malicious service and an in-memory backdoor that contacted a hacker-controlled server.
