Google has discovered a months-long spearphishing campaign targeting security researchers carried by hackers tied to the North Korean government.
In a blog released late in the night on Jan. 25, Andrew Weidemann from Google’s Threat Analysis Group wrote that the campaign spanned multiple companies and researchers who focus on discovering new software vulnerabilities. To do this, the actors first attempted to pose as members of the community, setting up their own research blog as a front, in some cases recycling the work of other researchers and, in at least one case, faking a successful exploit. They also created multiple personas and sockpuppet accounts on social media sites like Twitter, LinkedIn, Telegram, Keybase and Discord, where they shared posts, promoted the work of others and interacted with researchers over direct messages.
Weidemann said all that work was effort to socially engineer and “build credibility” among targeted researchers, who they later attempted to compromise in various ways. In some cases they approached the victim over Twitter with offers to collaborate on newly discovered exploits over Visual Studio Project, a software tool used to develop and re ..
Support the originator by clicking the read the rest link below.
