Google’s TAG team said the attackers contacted their intended victims asking to collaborate on vulnerability research. Besides Twitter, they also used LinkedIn, Telegram, Discord, Keybase and email to reach out to their targets, sending them a Microsoft Visual Studio Project containing malware to gain access to their systems. In some cases, victims’ computers were compromised after they visited a bad actor’s blog by following a link on Twitter. Both methods led to the installation of a backdoor on the victims’ computers that connected them to an attacker-controlled command and control server.
These actors have used multiple platforms to communicate with potential targets, including Twitter, LinkedIn, Telegram, Discord, Keybase and email. We’re providing a list of known accounts and IOCs in the blog post.
— Shane Huntley (@ShaneHuntley) January 26, 2021
The victims’ systems were compromised while running fully patched and up-to-date Windows 10 and Chrome browsers. Google’s TAG team has so far only seen the attackers targeting Windows systems, but it still can’t confirm “the mechanism of compromise” and is encouraging researchers to submit Chrome vulnerabilities to its bug bounty program. The team has also listed all the actor-controlled websites and accounts it has identified as part of the campaign.
Here’s their first contact.. Twitter has deleted the acct but they just said “hi” and “hello” to prompt the first two messages and then asked if I can do Windows kernel exploitation pic.twitter.com/VJmo4yzPoC
— Richard Johnson (@richinseattle) January 26, 2021