Microsoft has patched a critical zero-day vulnerability that North Korean hackers were using to target security researchers with malware.
The in-the-wild attacks came to light in January in posts from Google and Microsoft. Hackers backed by the North Korean government, both posts said, spent weeks developing working relationships with security researchers. To win the researchers’ trust, the hackers created a research blog and Twitter personas who contacted researchers to ask if they wanted to collaborate on a project.
Eventually, the fake Twitter profiles asked the researchers to use Internet Explorer to open a webpage. Those who took the bait would find that their fully patched Windows 10 machine installed a malicious service and an in-memory backdoor that contacted a hacker-controlled server.