Enlarge (credit: Dmitry Nogaev | Getty Images)

North Korea-backed hackers are once again targeting security researchers with a zero-day exploit and related malware in an attempt to infiltrate computers used to perform sensitive investigations involving cybersecurity.

The presently unfixed zero-day—meaning a vulnerability that’s known to attackers before the hardware or software vendor has a security patch available—resides in a popular software package used by the targeted researchers, Google researchers said Thursday . They declined to identify the software or provide details about the vulnerability until the vendor, which they privately notified, releases a patch. The vulnerability was exploited using a malicious file the hackers sent the researchers after first spending weeks establishing a working relationship.

Malware used in the campaign closely matches code used in a previous campaign that was definitively tied to hackers backed by the North Korean government, Clement Lecigne and Maddie Stone, both researchers in Google’s Threat Analysis Group, said. That campaign first came to public awareness in January 2021 in posts from the same Google research group and, a few days later, Microsoft .

Enlarge / SpaceX's Super Heavy booster, numbered Booster 9, rolls back to its launch pad in Texas for more testing. The rocket now has a new structural staging ring on top. (credit: SpaceX )

Welcome to Edition 6.08 of the Rocket Report! The US Department of Justice is taking SpaceX to court over allegations of hiring discrimination, but the government is relying more than ever on SpaceX's technical prowess. Once again, Elon Musk's social media posts are part of the story. This week, we also cover the successes and struggles of small rockets, where Rocket Lab is leading the pack.

As always, we welcome reader submissions , and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.

Rocket Lab re-flies engine after ocean splashdown . Rocket Lab launched its 40th Electron mission this week and achieved an important milestone in its quest to reuse orbital rockets, Ars reports . As part of the mission, the launch company reused a previously flown Rutherford engine on its first stage for the first time. In terms of orbital rockets, only NASA's space shuttle and SpaceX's Falcon 9 vehicles have demonstrated the capability of re-flying an engine. With Rutherford, Rocket Lab has now also flown a rocket engine that landed in the ocean for the first time.

Enlarge / Inside the Submarine by Kim Kwang Nam, from the series "The Future is Bright." (credit: Koryo Studio )

A plane is flying to the Philippines, gliding above "the infinite surface" of the Pacific Ocean. Suddenly, a few passengers start to scream. Soon, the captain announces there's a bomb on board, and it’s set to detonate if the aircraft drops below 10,000 feet.

"The inside of the plane turned into a battlefield," the story reads. "The captain was visibly startled and vainly tried to calm down the screaming and utterly terrorized passengers."

Only one person keeps his cool: a young North Korean diplomat who has faith that his country will find a solution and save everyone. And he’s right. North Korea's esteemed scientists and engineers create a mysterious anti-gravitational field and stop the plane in mid-air. The bomb is defused, and everyone gets off the aircraft and is brought back safely to Earth.

Enlarge (credit: Getty Images)

Threat actors connected to the North Korean government have been targeting security researchers in a hacking campaign that uses new techniques and malware in hopes of gaining a foothold inside the companies the targets work for, researchers said.

Researchers from security firm Mandiant said on Thursday that they first spotted the campaign last June while tracking a phishing campaign targeting a US-based customer in the technology industry. The hackers in this campaign attempted to infect targets with three new malware families, dubbed by Mandiant as Touchmove, Sideshow, and Touchshift. The hackers in these attacks also demonstrated new capabilities to counter endpoint detection tools while operating inside targets’ cloud environments.

“Mandiant suspects UNC2970 specifically targeted security researchers in this operation,” Mandiant researchers wrote.

Enlarge (credit: Huang Evan via Getty Images )

In 2022, an American dressed in his pajamas took down North Korea’s Internet from his living room. Fortunately, there was no reprisal against the United States. But Kim Jong Un and his generals must have weighed retaliation and asked themselves whether the so-called independent hacker was a front for a planned and official American attack.

In 2023, the world might not get so lucky. There will almost certainly be a major cyberattack. It could shut down Taiwan’s airports and trains, paralyze British military computers, or swing a US election. This is terrifying, because each time this happens, there is a small risk that the aggrieved side will respond aggressively, maybe at the wrong party, and (worst of all) even if it carries the risk of nuclear escalation.

Enlarge / APT37, a group believed to be backed by the North Korean government, has found success exploiting the bits of Internet Explorer still present in various Windows-based apps. (credit: Aurich Lawson | Getty Images)

Microsoft's Edge browser has replaced Internet Explorer in almost every regard, but some exceptions remain. One of those, deep inside Microsoft Word, was exploited by a North-Korean-backed group this fall, Google security researchers claim.

It's not the first time the government-backed APT37 has utilized Internet Explorer's lingering presence, as Google's Threat Analysis Group (TAG) notes in a blog post . APT37 has had repeated success targeting South Korean journalists and activists, plus North Korean defectors, through a limited but still successful Internet Explorer pathway.

The last exploit targeted those heading to Daily NK , a South Korean site dedicated to North Korean news. This one involved the Halloween crowd crush in Itaewon , which killed at least 151 people. A Microsoft Word .docx document, named as if it were timed and dated less than two days after the incident and labeled "accident response situation," started circulating. South Korean users began submitting the document to the Google-owned VirusTotal, where it was flagged with CVE-2017-0199 , a long-known vulnerability in Word and WordPad.

Enlarge (credit: Financial Times)

Created by a Vietnamese gaming studio, Axie Infinity offers players the chance to breed, trade and fight Pokémon-like cartoon monsters to earn cryptocurrencies including the game’s own “Smooth Love Potion” digital token. At one stage, it had more than a million active players.

But earlier this year, the network of blockchains that underpin the game’s virtual world was raided by a North Korean hacking syndicate, which made off with roughly $620 million in the ether cryptocurrency.

The crypto heist, one of the largest of its kind in history, was confirmed by the FBI, which vowed to “continue to expose and combat [North Korea’s] use of illicit activities—including cyber crime and cryptocurrency theft—to generate revenue for the regime.”