Threat actors connected to the North Korean government have been targeting security researchers in a hacking campaign that uses new techniques and malware in hopes of gaining a foothold inside the companies the targets work for, researchers said.
Researchers from security firm Mandiant said on Thursday that they first spotted the campaign last June while tracking a phishing campaign targeting a US-based customer in the technology industry. The hackers in this campaign attempted to infect targets with three new malware families, dubbed by Mandiant as Touchmove, Sideshow, and Touchshift. The hackers in these attacks also demonstrated new capabilities to counter endpoint detection tools while operating inside targets’ cloud environments.
“Mandiant suspects UNC2970 specifically targeted security researchers in this operation,” Mandiant researchers wrote.