North Koreans tried to hack security researchers via social engineering tricks

Posted on Wednesday, March 10 2021 @ 11:00 CET by Thomas De Maesschalck
Yesterday, Microsoft patched a critical, zero-day security vulnerability (CVE-2021-26411) that affects Internet Explorer as well as the EdgeHTML-based version of the Edge browser. What makes this vulnerability so interesting is the backstory behind how it got abused.

Ars Technica writes that North Korean hackers used social engineering to try to compromise seasoned security researchers. The hackers infiltrated the Twitter infosec community and spent weeks developing working relationships with security researchers. They created research blogs and reached out to researchers to collaborate on a project.

Security researchers who took the bait were asked to open a website in Internet Explorer. The webpage contained malicious code that abused a security vulnerability in Internet Explorer to achieve remote code execution:
Eventually, the fake Twitter profiles asked the researchers to use Internet Explorer to open a webpage. Those who took the bait would find that their fully patched Windows 10 machine installed a malicious service and an in-memory backdoor that contacted a hacker-controlled server.

Total of 89 patches on Patch Tuesday

The vulnerability described above got patched on Patch Tuesday alongside 88 other vulnerabilities in Microsoft software. A total of 14 vulnerabilities are rated as critical and several vulnerabilities are actively exploited in the wild. Most of the patches are for Office, Windows, or Azure.
