Threat Intelligence

Novel zero-day leveraged by North Korean hackers in security researcher attacks

North Korean state-sponsored threat actors have launched attacks exploiting at least one new zero-day flaw from an unnamed vendor against security researchers engaged in vulnerability research and development, according to The Record, a news site by cybersecurity firm Recorded Future. The hackers send malicious files containing the zero-day exploit through encrypted messaging apps after establishing trust with targeted researchers through prolonged conversations on the social media platforms X, previously known as Twitter, and Mastodon, a Google report showed. Researchers also noted that the attackers developed a Windows tool to facilitate debugging data exfiltration from Microsoft, Google, Citrix, and Mozilla reverse engineering servers. Google has urged additional precautions for security researchers who have downloaded the Windows tool, which had its source code shared last year. "We hope this will remind security researchers that they could be targets of government-backed attackers and to stay vigilant of security practices," said Google.
