In January, a social engineering campaign was launched against vulnerability researchers. Targets received unsolicited messages on several platforms, including LinkedIn, Twitter, Discord, Telegram, and Keybase, from accounts posing as fellow researchers. We thought that was the end of it. It was not.
CISA has cautioned researchers to keep their guard up because the same wave of attacks continues. The agency recommends that cybersecurity practitioners review the reports on these attacks published by Microsoft, Google, and CISA. The notification urges researchers to analyze untrusted websites or code only on sandbox systems that are isolated from trusted networks, so that a compromised analysis machine cannot be used as a foothold into corporate or research infrastructure.
Why does it matter?
While the techniques themselves are not unique, the campaign stands out because of the protracted investment the threat actors made in building credibility with their targets: maintaining research blogs, social media personas, and apparent proof-of-concept work before making contact. This effort to blend in with the security community caught many researchers off guard. What is more jarring is that the attackers' ultimate objective still remains unknown.
Security researchers targeted
- A spear-phishing campaign dubbed BadBlood, conducted by the Charming Kitten APT, targeted about 25 senior researchers in the fields of oncology, genetic research, and neurology. The aim of the campaign was to steal their credentials.
- Last month, North Korean hackers set up a fake security company, SecuriElite, complete with a website and social media profiles, to lure security researchers into visiting the booby-trapped site.
The bottom line
Security researchers often build online connections with people they have never met; that practice is exactly what these threat actors exploit. The incidents above should serve as a reminder to be cautious when dealing with strangers on the internet: verify the identity of new contacts through a second channel before collaborating, treat unsolicited requests to review a project or visit a site as suspect, and open any shared code only in an isolated sandbox with no access to trusted networks.