North Korean hacking group is targeting security researchers

According to a report from Google's Threat Analysis Group, a North Korean government-backed hacking group is targeting security researchers and attempting to infect their devices with custom backdoor malware. The attackers create fake Twitter profiles and blogs to pose as real security researchers, then contact other researchers through various social media platforms. Sometimes the disguise includes writing articles about existing vulnerabilities; however, the information in those articles may be fake. After making contact, the attackers ask whether the researcher wants to collaborate on vulnerability research. As part of the collaboration, they send a Visual Studio project containing their PoC exploit along with a hidden malicious DLL named 'vcxproj.suo', which is executed if the victim builds the exploit. The DLL is a custom backdoor that is injected into memory and calls back to a command-and-control server for commands to execute.
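A pre-build audit a researcher could run on a received Visual Studio project before opening or building it, as an added example that is not part of the original article or the Google report. It assumes the hidden DLL is launched through an MSBuild build-event or `Exec` command (the summary above does not say how the build runs it); the function names and the sample project tree are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# MSBuild/VC++ elements whose <Command> child runs during a build.
BUILD_EVENTS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent",
                "CustomBuildStep", "CustomBuild"}
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace prefix

def build_commands(project_xml):
    """Return (source, command) for each command the project runs on build."""
    found = []
    for parent in ET.fromstring(project_xml).iter():
        name = _local(parent.tag)
        if name == "Exec" and parent.get("Command"):
            found.append(("Exec", parent.get("Command")))
        if name in BUILD_EVENTS:
            for child in parent:
                if _local(child.tag) == "Command" and (child.text or "").strip():
                    found.append((name, child.text.strip()))
    return found

def disguised_pe_files(tree_root):
    """Return files that start with the PE 'MZ' magic but lack a PE extension."""
    hits = []
    for folder, _dirs, names in os.walk(tree_root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                magic = fh.read(2)
            if magic == b"MZ" and os.path.splitext(name)[1].lower() not in PE_EXTENSIONS:
                hits.append(os.path.relpath(path, tree_root))
    return sorted(hits)

def demo():
    """Run both checks on a constructed project tree (all content is made up)."""
    project = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
      <ItemDefinitionGroup><PreBuildEvent>
        <Command>echo constructed-sample-command</Command>
      </PreBuildEvent></ItemDefinitionGroup></Project>"""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "vcxproj.suo"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)  # constructed: PE magic only
        with open(os.path.join(tmp, "genuine.suo"), "wb") as fh:
            fh.write(bytes.fromhex("d0cf11e0a1b11ae1"))  # OLE compound-file magic
        return build_commands(project), disguised_pe_files(tmp)
```

A genuine `.suo` file is an OLE compound document, so one that begins with `MZ` is worth treating as an executable regardless of its name.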
