They’re back. Google warned about North Korean state-sponsored hackers going after cybersecurity researchers a couple years back. Now Google says they’re back at it.
“Similar to the previous campaign TAG reported on, North Korean threat actors used social media sites like X (formerly Twitter) to build rapport with their targets. In one case, they carried on a months-long conversation, attempting to collaborate with a security researcher on topics of mutual interest. After initial contact via X, they moved to an encrypted messaging app such as Signal, WhatsApp or Wire. Once a relationship was developed with a targeted researcher, the threat actors sent a malicious file that contained at least one 0-day in a popular software package.”
The Google report provides useful information for those trying to protect themselves, including a new Windows malware tool. Read the report here.