Image: BRENDAN SMIALOWSKI/AFP via Getty Images
Alejandro Caceres, the founder of security firm Hyperion Gray, said on Twitter that he was one of the victims. The hackers established contact with him via Twitter and eventually shared a file with him that contained malware, according to Caceres, who is offering a bounty of $80,000 to anyone who can provide information about the hackers' identities. "Yes I was hacked. No, no customer information was leaked, this was on a private [Virtual Machine] for this exact reason," Caceres said.
In some cases, according to Google, the hackers were able to hack targets just by having them visit a malware-laden website under their control. What's more surprising, "at the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions," according to Google. This means the hackers potentially had access to unknown vulnerabilities in Windows and Chrome, commonly referred to as zero-days.
This hacking campaign is a reminder that security researchers are a juicy target for nation-state hackers, especially those who work for a government with more limited resources. This is also a good reminder that social engineering is still one of the best ways to hack people, even those who work in cybersecurity.
Do you know of any similar security vulnerability or data breach? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com