Recent attacks against security researchers have been linked to the North Korean APT ZINC, an affiliate of the notorious Lazarus group. New details have emerged on the attacks, describing how the APT exploited Visual Studio, a Microsoft product, to infect systems with malware now identified as the Comebacker variant. Microsoft reported on the campaign several days ago, stating that security researchers were being targeted with custom malware via an elaborate and sophisticated social engineering campaign.
The threat actors posed as security researchers seeking help on an exploit, flaw, or proof-of-concept and reached out to legitimate security researchers for ‘help.’ They then passed along a malicious version of Microsoft Visual Studio, infecting the researcher’s device with malware. The attacks leverage social media to build trust and relationships with researchers. So far, all of the security professionals targeted were using Windows machines.