An ongoing campaign targeting legitimate security researchers within the industry appears to be the work of a government-backed entity based in North Korea, according to a new report from Google’s Threat Analysis Group, which has been tracking the campaign for a few months.
The group members have spent time and effort building credibility as legitimate cyber security researchers themselves, setting up a research blog and using sock puppet Twitter profiles both to interact with their targets and amplify their own reach.
The research blog contains a number of write-ups and analyses of publicly disclosed vulnerabilities, such as might be seen on a legitimate security website, and even carries guest posts from unwitting security researchers.
