Thursday, January 28, 2021

Google Uncovers North Korean Government Scam to Hack Security Researchers


As I've said here before, the weakest security link is always going to be the human link.  We can continue to upgrade our defensive hardware like firewalls and such, but the easiest way to get into a system is still to exploit the inherent goodness of human nature.

Most of us are truly good people at heart, and that is especially true in healthcare, where many people work in the field because they truly want to help people.  If someone asks for assistance of some kind, most people will make an effort to help.  We also have a tendency to feel that most people think just like we do.  So, if you are an honest individual who truly needs help when you ask, your tendency is to think others asking for help are just like you.

It's horrible to say, but criminals love honest folks who want to help others simply because they are the easiest ones to con.

Today's post is about a socially engineered con, but not in the usual way.  No, this one was different.  In this scam, criminals acting on behalf of the North Korean government wanted to learn secrets from security researchers.

Basically, the crooks set up a blog and social media accounts that made them appear to be security researchers themselves.  Once they established these false accounts, they set about contacting legitimate security researchers.  Their hope was to gain access to the researchers' systems in order to learn new, effective, and secret ways to breach other systems.

While complex, the system *was* creative and appeared to work... for a while.  For the full explanation, take a look at this Google Blog Post.  It's an interesting read.

