Good morning to all of you well-rested infosec folks who are just now waking up to this newest catastrophe :)
Fine, fine, I’ll be nice. While you were sleeping, Google security notified us of a long-term (allegedly DPRK) SE campaign targeting infosec researchers on Twitter, ingratiating themselves into the community with minor research and blogs, then sending them malicious links and code.
The list of accounts is in the blog and 3 or 4 accounts were very active, messaged and drew in a ton of researchers, and successfully got some to execute malicious code in the name of exploit research. My thread is full of stories and screenshots. They hit a ton of people.
Here is the blog.
There are still a lot of unsubstantiated rumors and humble brags floating around about what else they did, so I would stick to the blog for now.