Good morning to all of you well rested infosec folks who are just now waking up to this newest catastrophe :)

Fine, fine, I’ll be nice. While you were sleeping, Google security notified of a long-term (allegedly DPRK) SE campaign targeting infosec researchers on Twitter, ingratiating themselves into the community with minor research and blogs, then sending them malicious links and code.
The list of accounts is in the blog and 3 or 4 accounts were very active, messaged and drew in a ton of researchers, and successfully got some to execute malicious code in the name of exploit research. My thread is full of stories and screenshots. They hit a ton of people.
Here is the blog. https://t.co/T3No8Hj7xy
There are still a lot of unsubstantiated rumors and humble brags floating around about what else they did, so I would stick to the blog for now.
You need to check if you (or your team on work machines) interacted with any of these people, potentially followed malicious links, or amplified their social media posts.
@LawrenceAbrams also did not sleep: https://t.co/98UGrOk9fL
Anyway https://t.co/FNL9H3uZDh
Here is a particularly poignant and well documented one, as he discovers in real time what happened... https://t.co/uibzAnNNUn
Anyway this is all novel not so much for the established sock accounts and Twitter SE (which *ahem* some researchers have been dealing with for ages 🤷🏻‍♀️🍸) but more because of the tactics of tricking exploit researchers into running malicious code, and burning a Chrome 0day.
Good luck, all. VM all the things, and assume every inbound DM is gonna be a dickpic!
(This is also a very funny 5am joke because one of the fake people they used was named James Willy. Thank you, I have been here all night.)
