This is your regular reminder to security researchers that you too are a target for APTs. This is also a reminder to APTs that if you want to target me, you should at least offer free flights and hotels. https://t.co/aby0RILZLk
— Eva (@evacide) January 26, 2021
New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development. https://t.co/Ec2TaMMXeQ
— Shane Huntley (@ShaneHuntley) January 26, 2021
Stay safe out there everyone!
Keep your wits about you. I can confirm I was targeted by “z0x55g” via Twitter DMs asking about browser and Windows kernel 0day vulnerability research. I guess it was because I had commented about the Defender RCE and used to have #0day in my bio. But yikes! Stay vigilant https://t.co/W4qcloztLF
— Will | Bushido (@BushidoToken) January 26, 2021
Must read for people in security: https://t.co/z5BeK473ze
— SwiftOnSecurity (@SwiftOnSecurity) January 26, 2021
A look at some of the malware mentioned in this Google TAG research. https://t.co/NTsIgMeNwT
— Kevin Perlow (@KevinPerlow) January 26, 2021
- Two-stage (payload in ProgramData)
- AV Check (Kasp, Avast)
- Basic Persistence
- Multiple C2s per payload
More to be done re: C2 comm (unless someone does it first) #DPRK https://t.co/l4KPTqqXOq pic.twitter.com/425ukg7HUP
One of the threat actors targeted me, but I was too busy! https://t.co/WhH1wyfgQq pic.twitter.com/aZkMkN82d2
— ϻг_ϻε (@steventseeley) January 26, 2021
Wow, @Google's Threat Analysis Group just called out a North Korean hacking campaign targeting... security researchers.
— John Scott-Railton (@jsrailton) January 26, 2021
Featuring fake identities, fake blogs, & lots of social engineering. 1/
Blog: https://t.co/ggg8AjS14w https://t.co/QHd73E0Xbk pic.twitter.com/ExKgdzZqs3
This is why you should use xcode ;) https://t.co/rVo2Y8ZBMR
— Charlie Miller (@0xcharlie) January 26, 2021
https://t.co/uxz8acJyno .. North Korea-linked campaign targets security experts via social media #news #tech #nsa #FBI #intelligence #DFIR #digitalforensics #SIEM
— daveSmith (@daveDFIR) January 26, 2021
Google says North Korean state hackers are targeting security researchers on social media https://t.co/bYp4H6auij
— CNBC International (@CNBCi) January 26, 2021
#Google: North Korean #hackers targeting security researchers on Twitter https://t.co/OSHvKE0BzI #Security #Cybersecurity pic.twitter.com/81Z7jTVkvG
— LNP Services (@LNPServices) January 26, 2021
Google says North Korean state hackers are targeting security researchers on social media https://t.co/1G7bpCtCh6
— CNBC (@CNBC) January 26, 2021
“The undetected files that Google reported on share genes with previously known samples by Lazarus Group,” said @arieitan of Intezer. https://t.co/AjXbhPhRhZ
— Intezer (@IntezerLabs) January 26, 2021
north korean hackers hacked hackers with malicious website about hacking https://t.co/cQGVcWiT4u
— Jason Koebler (@jason_koebler) January 26, 2021
NEW: North Korean hackers hacked famous hackers with fake hacking website and Twitter accounts, according to Google. https://t.co/yIAjj5JokD
— Lorenzo Franceschi-Bicchierai (he/him) (@lorenzofb) January 26, 2021
Google revealed a months-long campaign to hack security researchers and trick them into working for the North Korean regime. https://t.co/8g1g8pIwRt
— VICE (@VICE) January 26, 2021
The scheme was at times successful—North Korean hackers used Windows and Chrome zero-days to hack them, Google said in its report. https://t.co/DvJ2nKbKed
— Motherboard (@motherboard) January 26, 2021
Operation PANDORABOX - What was inside the Visual Studio project anyway? https://t.co/qixDHJNn7l
— Matt Suiche (@msuiche) January 26, 2021
As might be expected for a hacker targeting the security community, the write-ups & threads are coming fast:
— Raphael Satter (@razhael) January 26, 2021
- @msuiche: https://t.co/idxCXU4Pgo
- @360totalsec: https://t.co/zEcnDoneMH
- @KevinPerlow: https://t.co/ixwYnuo1w7
- @craiu: https://t.co/jm24EdKuzz
PANDORABOX - North Koreans target security researchers – Comae https://t.co/CuUUAZQn6n
— /r/netsec (@_r_netsec) January 26, 2021
To target infosec researchers, North Korean attackers curated a blog with guest posts from actual researchers on real software bugs. The attackers were able to install an in-memory backdoor on fully patched Windows 10, according to Google: https://t.co/HUKBwUB1eE
— Sean Lyngaas (@snlyngaas) January 26, 2021
Google TAG analysis into North Korea APT targeting #cybersecurity researchers; it's worth checking: "If you have communicated with any of these accounts or visited the actors’ blog, we suggest you review your systems for the IOCs provided below" https://t.co/hvmVywfrqw #malware pic.twitter.com/9RdfIXZZjq
— Raj Samani (@Raj_Samani) January 26, 2021
I'm assuming you've seen this https://t.co/oEc4FNgmNN
— ash (@uglypackets) January 26, 2021
Hey folks, you might want to know that @/james0x40 was a North Korean state actor. Fun. https://t.co/19PyFLcd21
— Filippo Valsorda ??❤️ ✊ (@FiloSottile) January 26, 2021
New from Google: Suspected North Korean hackers targeted security researchers by running a fake research blog (with some guest posts from real researchers) that installed backdoors into targets' fully patched Windows 10 machines. https://t.co/DmIdleg5mP pic.twitter.com/ztzqg9i48q
— Eric Geller (@ericgeller) January 26, 2021
Hacking the hackers: Google says it's seeing North Korea targeting cybersecurity researchers: https://t.co/ObaqgKJq2O
— Kevin Collier (@kevincollier) January 26, 2021
Hello can I get an ooooof in chat please.. <shared earlier on TMHC, but here for reach>
— STUͣͬͭ ͣ ͬ ͭ ?️? (@cybersecstu) January 26, 2021
https://t.co/avzr2MHIZA
New campaign targeting security researchers https://t.co/PYuZWo8Jqc
— /r/netsec (@_r_netsec) January 26, 2021
Have I said lately how much I continue to be amused by "-executionpolicy bypass"? https://t.co/EBClAVYMHc
— mikeymikey (@mikeymikey) January 26, 2021
#Lazarus Campaign Targeting Security Researchers #APT #SocialEngineering
— blackorbird (@blackorbird) January 26, 2021
"dxgkrnl_poc" Visual Studio Project Analysis Report:
1. https://t.co/0eoRRQQIi5
2. https://t.co/0qomqY69hO
Attribution: https://t.co/XMlkH0Vp0r
ref: https://t.co/kLizS9Kuo4 pic.twitter.com/uIsE4JKAvp
When the hunters become the prey: interesting twist as security researchers are targeted. Be careful out there. https://t.co/NAyN2hFyuc
— Alan Woodward (@ProfWoodward) January 26, 2021
New campaign targeting security researchers @google https://t.co/56pIUyZEeA
— Andrada Fiscutean (@AFiscutean) January 26, 2021
A great write-up by Google and not surprising how this all worked https://t.co/LwBlKE74T5
— Daniel Cuthbert (@dcuthbert) January 26, 2021
Clever ruse, DPRK, clever ruse... https://t.co/34vksT2UTu
— TheSpy&TheState (@ThespyThestate) January 27, 2021
Google revealed a months-long campaign to hack security researchers and trick them into working for the North Korean regime. https://t.co/Gz2R4UfxCX
— Adam Levin (@Adam_K_Levin) January 27, 2021
Google revealed a months-long campaign to hack security researchers and trick them into working for the North Korean regime. https://t.co/DvJ2nKbKed
— Motherboard (@motherboard) January 27, 2021
Wild. North Korean Hackers Hacked Famous Hackers With Fake Hacking Website, Google Says. Many hackers have since admitted to being hacked on twitter. By @lorenzofb https://t.co/yZRsu2ZZVj
— Sandhya Ramesh (@sandygrains) January 27, 2021
Sorry Kim, you’ll have to try harder https://t.co/FLHb2DIa28 pic.twitter.com/uK8oCR1o5d
— Dominic Chell (@domchell) January 26, 2021
Wait, so DPRK hackers, who were social engineering researchers with broken English and PowerShell payloads embedded in VS project files, were also publicly burning Chrome 0days on their blog? Something doesn't add up. https://t.co/nhNQlCvScx
— Kuba Gretzky (@mrgretzky) January 26, 2021
New campaign targeting security researchers https://t.co/mCgHnYcDeq
— Vivek Ramachandran (@vivekramac) January 27, 2021
We identified overlap between a trojanized job posting document and the recent Google report. Dynamic analysis showed that if invoked this document would communicate with two of the compromised domains from the recent report on North Korean activity. https://t.co/uzmcJHEpqS pic.twitter.com/8a2IWeUjrQ
— Black Lotus Labs (@BlackLotusLabs) January 26, 2021
In light of APTs targeting individuals in the community (https://t.co/UdOe8uTGc9), this is a reminder to run outside code within a virtual machine, as well as review the code of projects in your workflow.
— bugcrowd (@Bugcrowd) January 26, 2021
Feel free to share other advice below so we can discuss as a group.
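One concrete form of the "review the code of projects in your workflow" advice above, as an added example that is not from Bugcrowd, Google TAG or any other account quoted here: several tweets in this roundup note that the lure was a Visual Studio project carrying a PowerShell payload, launched with flags like "-executionpolicy bypass". MSBuild runs whatever sits in a project's Pre-Build, Pre-Link, Post-Build and Custom Build Step commands, so a quick defensive check before building someone else's .vcxproj is to list those commands and flag script launchers. The sample project, the indicator regexes and the harmless encoded string are all constructed for this demo; the indicator list is an assumption, not a published ruleset.

```python
"""List and triage build-event commands in a Visual Studio C++ project (.vcxproj).

Added example, not code from any tweet, report or project on this page. The sample
project and the indicator list below are constructed assumptions for the demo.
"""
import re
import xml.etree.ElementTree as ET

# MSBuild project files use this default namespace.
MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"

# Build-event elements whose <Command> text MSBuild hands to cmd.exe during a build.
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep")

# Assumed indicators that a build step is being used as a loader rather than a build step.
SUSPICIOUS = [
    (re.compile(r"powershell(\.exe)?", re.I), "invokes PowerShell"),
    (re.compile(r"-(enc|encodedcommand|e)\b", re.I), "passes an encoded command"),
    (re.compile(r"-ex(ecutionpolicy)?\s+bypass", re.I), "sets -ExecutionPolicy Bypass"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hides the console window"),
    (re.compile(r"\b(rundll32|regsvr32|mshta|certutil|bitsadmin)\b", re.I), "calls a LOLBin"),
    (re.compile(r"\b(Invoke-WebRequest|iwr|DownloadString|DownloadFile|curl|wget)\b", re.I),
     "fetches remote content"),
]

# Constructed sample project: one ordinary pre-build echo, one post-build step that launches
# PowerShell with an encoded command (QQBCAEMA is just "ABC" in UTF-16LE, a placeholder),
# and one ordinary Release-only copy step.
SAMPLE_VCXPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <PreBuildEvent>
      <Command>echo Building %(Filename)</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>powershell -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand QQBCAEMA</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(SolutionDir)bin\\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
</Project>
"""


def _local(tag):
    """Strip the namespace from an ElementTree tag like '{ns}PostBuildEvent'."""
    return tag.rsplit("}", 1)[-1]


def _condition_for(elem, parents):
    """Return the nearest MSBuild Condition attribute on the element or its ancestors."""
    node = elem
    while node is not None:
        cond = node.get("Condition")
        if cond:
            return cond
        node = parents.get(node)
    return ""


def build_commands(vcxproj_xml):
    """Return (event_tag, condition, command) for every non-empty build-event command."""
    root = ET.fromstring(vcxproj_xml)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parents = {child: parent for parent in root.iter() for child in parent}
    found = []
    for elem in root.iter():
        if _local(elem.tag) not in EVENT_TAGS:
            continue
        for child in elem:
            if _local(child.tag) == "Command" and child.text and child.text.strip():
                found.append((_local(elem.tag), _condition_for(elem, parents), child.text.strip()))
    return found


def assess(commands):
    """Tag each command with the indicator descriptions it matched (in SUSPICIOUS order)."""
    findings = []
    for tag, cond, cmd in commands:
        reasons = [why for pattern, why in SUSPICIOUS if pattern.search(cmd)]
        findings.append({"event": tag, "condition": cond, "command": cmd,
                         "reasons": reasons, "suspicious": bool(reasons)})
    return findings


def triage(vcxproj_xml):
    """Convenience wrapper: parse, assess, and return only the flagged commands."""
    return [f for f in assess(build_commands(vcxproj_xml)) if f["suspicious"]]


if __name__ == "__main__":
    for f in assess(build_commands(SAMPLE_VCXPROJ)):
        marker = "FLAG" if f["suspicious"] else "ok  "
        print(f"{marker} {f['event']:<15} {f['condition'] or '(unconditional)'}")
        print(f"       {f['command']}")
        for why in f["reasons"]:
            print(f"       - {why}")
```

Run it against a real project with `build_commands(open("proj.vcxproj").read())` before you ever hit Build; a clean result is not proof of safety (the same trick works from .csproj targets, .props imports and solution-level hooks, which this script does not parse), but a flagged result is a reason to stop and read the project in a VM first, as the tweet above recommends.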
Security peeps -- this was just shared with me. I haven't verified it, but it seems like something to take note of: https://t.co/HXKANftOOE
— Gene Spafford (@TheRealSpaf) January 26, 2021
ICYMI: Google write-up of a (DPRK?) campaign targeting security researchers https://t.co/Si0eRdgixa pic.twitter.com/w7PIAUcHpt
— cje (@caseyjohnellis) January 26, 2021