Google warns infoseccers: Beware of North Korean spies sliding into your DMs – Source: go.theregister.com

In brief Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google’s Threat Analysis Group (TAG).

As was the case in 2021 when TAG made a similar claim, suspected North Korean agents are reaching out to targets using social media to build rapport before moving targets to secure services like Signal or WhatsApp. As was also the case in 2021, Google offered no explanation or conclusions.

“Once a relationship was developed with a targeted researcher, the threat actors sent a malicious file that contained at least one 0-day in a popular software package,” TAG researchers wrote. Google didn’t mention the affected vendor, but said efforts were underway to deploy a patch. 

Per Google, shellcode in the malicious file collects information on affected systems and sends it back to C2 servers. “The shellcode used in this exploit is constructed in a similar manner to shellcode observed in previous North Korean exploits,” TAG explained.

But wait – there’s more.

Google has an additional warning to deliver: The threat actors also developed a standalone tool for Windows that could appeal to the infosec community. On the surface, dbgsymbol [Github link https://github[.]com/dbgsymbol/ provided for visibility – don’t download this] is used to download debugging symbol information from various sources –– handy for debugging issues in binaries, or doing vulnerability research. 

“The tool also has the ability to download and execute arbitrary code from an attacker-controlled domain,” TAG warned. While not including any description of what dbgsymbol may have been used to download, Google recommends that anyone who has downloaded or run the tool “ensure your system is in a known clean stage, likely requiring a reinstall of the operating system.” 

Sorry – guess those weekend plans have been made for you, unlucky random GitHub project downloaders. 

DoJ thanks Verizon for its negligence with reduced fine

Verizon may have copped to failing to properly protect General Services Administration (GSA) devices connected to public networks and failing to meet its terms of a contract for five years, but it copped to it. 

In exchange, the Department of Justice has decided it’ll keep the fine to a mere $4 million and change, thank you very much. “The United States acknowledged that Verizon took a number of significant steps entitling it to credit for cooperating with the government,” the DoJ said. 

Verizon’s Managed Trusted Internet Protocol Service, or MTIPS, was used by the GSA from 2017 until 2021, during which time the feds allege the telco “did not completely satisfy three required cybersecurity controls for trusted internet connections.” 

Verizon blew the whistle on itself when it realized it had dropped the ball, “cooperated with the government’s investigation of the issues and took prompt and substantial remedial measures,” the DoJ declared. 

In exchange for its cooperation (and non-admission of responsibility, naturally), Verizon gets away with forking over a mere 0.08 percent of its net income in Q2 of 2023 – and that was a down quarter.

Malvertising on Mac

Malwarebytes researchers have discovered a malware-laden advertising campaign in Google search results that’s casting a wide net by targeting both Windows and Mac devices.

• Russian infosec boss gets nine years for $100M insider-trading caper using stolen data
• China reportedly bans iPhones from more government offices
• Microsoft: China stole secret key that unlocked US govt email from crash debug dump
• Microsoft DNS boo-boo breaks Hotmail for users around the globe

The Apple malware – which is the interesting feature of this campaign – is a variant of the Atomic Stealer malware that popped up earlier this year. In this case, it’s a run-and-done malware that makes off with passwords, keychain data, autofill records, cookies, files and crypto wallet information.

Interestingly, this particular “variant” even comes with instructions for how to open it in a manner that bypasses the macOS Gatekeeper, which performs runtime checks to kill potential malicious executables. 

In short, like all good malware for commercially available and locked-down OSes like macOS, iOS or Android, this one requires victims to fall prey to both a phishing attempt via malicious advertising and questionable prompts. ®