North Korean Hackers Successfully Phished Cyber Researchers Using a Fake Blog - Gizmodo
A recent phishing campaign by North Korean nation-state hackers successfully duped a number of security professionals who were involved in vulnerability research and development, according to a new report from Google’s Threat Analysis Group.
The unnamed threat group used various social engineering tactics to pose as fellow “white hat†security specialists, ensnaring the unsuspecting experts by convincing them that they were looking to collaborate on research, the TAG report shows.A number of threat researchers spoke out on Twitter Monday night, claiming they had been targeted by the campaign.“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project.